Valentin The implementation that bunq uses is meant for servers, hence why it depends on the "server" adding a secret to authenticate the user. The flow that you're referring to is called an Implicit Grant. It works differently and doesn't require the client to have access to the OAuth application secret.
The reason that bunqDesktop uses the client's own details and I don't simply hard-code mine into the client is because in older versions the OAuth response included private information for whoever requested the access. That has been changed now but I'm not exactly comfortable with using it in the client when it might expose my private info without my knowledge :p
It has been suggested before but again, it would be a great idea of adding implicit grants or some other form of authentication. Especially since front-end apps and frameworks are becoming more and more popular.