My use case is that a shared OAuth ID+secret for an external system is used in the app by every account and user, so can be set once at deploy time. Secrets is the way to go in this instance.
If you need to save secrets for individual users, SecureStorage is probably the way to go.