Shouldn't the "Secret" code from the two-step authentication be hidden after you set it up on your phone/totp device? If its always visible there someone could copy your code just by looking at that page.
I'm actually talking about is the Secret that is used to generate the code you use to login:I don't think it is necessary as the secret code from 2 step authentication probably will be invalid within few seconds.
after you set it up on your phone/totp device?