Hi @Salesforce Identity : I am trying to understand when to use Oauth Webserver flow vs User Agent flow (Implciit Flow)

Documentation says that if client can't keep the secret secure, then use User agent flow as you can get access token without client secret.It is recommended for Mobile application and desktop applications.

But, if i have a web application where we can't store any sensitive information such as credentials or client secret, can i still use User agent flow? Or it can be used only for desktop applications.

Thanks,