Isn't that the point of OAuth? (versus HTTP basic auth)
Your secret key shouldn't be compromised, because you're supposed to keep that secret. Also if you use HTTPS for requests you'd still get a cert error even if DNS was routing incorrectly. You're probably fine.