ClientID is public, it is your responsibility to secure your ClientSecret which can be used in the oauth flows and register to your application. Collectively, across the board in all OAuth applications ‘ClientID’ is public. While the ClientID associates a request to your application it is not secured information - Anybody can use it to make a request. While I can’t speak to rate limiting based on abuse on the ClientID, that section is talking about items you are expected to secure, and not share.