I'm realizing there's no need for an entire PHP SDK (it would be nice, of course), but if there was a way to simply initialize with PHP to hide your secret key, then the rest of the SDK would be secure - without this, the JS SDK is super unsecure.
I've been looking into Xajax , to implement this, but because this is a socket instead of a normal request, I'm not quite sure how to handle this.
Instead of initializing, I could returnNonce via php function as well.
I'm not quite sure how to do this, although I'm currently looking into it and it seems possible.
This was discussed via a ticket with Dylan.