Hide token from chrome DevTool

Using iframe api iand token based authentication, i notice on the google chrome devTool that the token as is is bond to my.domain.com:http-bind?room=room&token=token
to my App this a measure exploit, as any one can open devTool get the secret and appId.
I was wondering if there was a better/ another way using token auth without exposing devTool network activities?

Nope, there is no way to pass the token at the moment.

I wish there was an mqtt transport. That would have solved it easily.