Why do we not want to request credentials directly for a user? (from Expo docs)

Hello Expo fam.

Tools I am using: AuthSession

I am curious what you mean in the documentation in this highlighted part of the paragraph:

The way I have requested access is simply this in my android standalone app:

const [request, response, promptAsync] = Google.useIdTokenAuthRequest({
      "<my google credentails for Android>",

  const checkResponse = () => {
    const { id_token } = response.params;
    const credential = new GoogleProvider.credential(id_token);
      .then((res) => console.log(res.user.email));

I am curious if this is the wrong way to do things and why. I have read the Facebook Login Documentation but I am still kind of confused on the security risks of how I’m getting the credential.

Can someone please explain to me on a high level if the way I am getting the credential is secure to authenticate a user?