Secure to pass sensitive session data to page?

[johnnypea]

Please, is it safe/secure to pass sensitive session data to page like this?

/** @type {import('@sveltejs/kit').LayoutServerLoad} */
export function load({ locals, request }) {
    return {
        session: locals.session.data
    };
}

Or what is the recommended approach to use a "token" from session in client side requests (fetch) to external API?

Thank you.