I've seen some projects (dont' think they're affiliated with rclone in anyway) use rclone's client_id & client_secret for Google Drive OAuth in there own apps
There's really no harm in that other than they are choosing a really stupid client ID and secret to use as rclone's is generally over subscribed. The poor folks would be better off making their own.
Correct, I'm not aware of that being there either, but it's not really anything harmful to the best of my knowledge.
It just allows you to use the API for API quota stuff and since rclone defaults to it, it's silly to use it else where as it's over subscribed and you'd get much better performance making your own.
I'm guessing part of the reason people use rclone's is so they don't have to go through the verification process (required when u use sensitive scopes) which requires ToS page, privacy policy page etc (its a hassle)
I asked this question because I was suggested to use rclone's creds on one of my projects and I was not sure if I should?
It's not a big deal for me tbh, I've added build instruction so ppl can create their own creds but if rclone devs are fine with others using their creds I'd wanna add it to my app as well.