Webpack, Meteor and security

I’ve been trying to integrate Stripe with the Webpack (the jedwards flavor) and stumbled with an Error: Cannot resolve module.

In my attempt to figure out how to fix this problem and also how exactly webpack works, I stumbled on this Stripe/webpack issue that made me curious about the security of using Webpack with Meteor.

I’m confused where everything goes when webpack bundles everything. I initially assumed that client and server code were bundled separately and respectively kept server side and client side. Would someone be able to clarify the webpac process specifically for Meteor? We know for sure that secret api keys aren’t being included in the client side bundle?


P.S. I bypassed my module loading error by using meteorhacks:npm to load the Stripe npm via meteor rather than webpack. Is there anything that would make this a problematic practice?