Any time you submit an XRP Ledger transaction, it must be signed using your secret key. The secret key gives full control over your XRP Ledger address. Never send your secret key to a server operated by someone else. Either use your own rippled server, or sign the transactions locally before sending them to a rippled server.
The examples in this document show API methods that include a secret key. This is only safe if you control rippled server yourself, and you connect to it over a connection that is secure from outside listeners. (For example, you could connect over a loopback (localhost) network, a private subnet, or an encrypted VPN.) Alternatively, you could use RippleAPI to sign transactions locally before submitting them to a third-party server.