That’s how I understand it. The client secret is basicially a password to authenticate your app, so that Twitch knows that it’s actually your app wanting to request the token and not an attacker that somehow got hold of an access/refresh token. So the important part is that you keep it private. If it is bad practice to store it on your personal computer for a bot that runs on your personal computer, then I’m not aware of it. I suppose a personal computer could generally be considered less secure than a server, but then again this is for a program that pretty much just one person uses, so the risk also seems minimal.
Sorry, I can’t help you with any details, since I haven’t put it into practice yet myself.
It doesn’t really matter under what Twitch account the app is registered, they just need to get their own Client ID/Secret if they want to host your bot themselves.
According to the docs it’s shown to you once when you register your app on Twitch.