I don't know if I just have some kind of blind spot or what, but I've read the OAuth 2 spec many times over and perused the mailing list archives, and I have yet to find a
In the implicit flow if the user's browser is corrupted (evil extension / virus) then the corruption gets access to the user's resources and can do the bad stuff.
In the auth flow the corruption can't because it doesn't know the client secret.
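To make the answer's point concrete, here is a toy authorization server that implements both flows; it is an added example, not code from the question or answer above. The client registration, secret, redirect URI and the `browser_visible_secrets` helper are all constructed for the illustration. It shows that a component running in the browser can read the access token straight out of the implicit-flow redirect, whereas in the authorization code flow it only sees a code that the token endpoint refuses to redeem without the client secret (and refuses to redeem twice).

```python
"""Toy OAuth 2 server contrasting the implicit and authorization code flows.
Added example, not code from the original thread; every client id, secret and
URL below is constructed for the illustration."""
import secrets
from urllib.parse import urlparse, parse_qs, urlencode

# Constructed registration for a confidential client: the secret lives only on
# the client's backend, never in the user's browser.
CLIENTS = {
    "demo-app": {"secret": "s3cr3t-held-only-on-the-server",
                 "redirect_uri": "https://app.example/cb"},
}


class AuthorizationServer:
    def __init__(self):
        self._codes = {}      # authorization code -> client_id (single-use)
        self._tokens = set()  # access tokens this server has issued

    def _issue_token(self):
        token = secrets.token_urlsafe(16)
        self._tokens.add(token)
        return token

    def authorize(self, client_id, response_type):
        """Build the redirect the user agent receives after the user consents."""
        client = CLIENTS[client_id]
        if response_type == "token":
            # Implicit flow: the access token itself travels through the browser
            # in the URL fragment, where anything running there can read it.
            frag = urlencode({"access_token": self._issue_token(), "token_type": "bearer"})
            return f"{client['redirect_uri']}#{frag}"
        if response_type == "code":
            # Authorization code flow: only a short-lived, single-use code goes
            # through the browser; the token is obtained server-to-server.
            code = secrets.token_urlsafe(16)
            self._codes[code] = client_id
            return f"{client['redirect_uri']}?{urlencode({'code': code})}"
        raise ValueError("unsupported response_type")

    def token(self, code, client_id, client_secret):
        """Token endpoint: redeem a code, authenticating the client first."""
        client = CLIENTS.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            return None  # invalid_client: wrong or missing secret
        if self._codes.pop(code, None) != client_id:
            return None  # invalid_grant: unknown, already used, or another client's code
        return self._issue_token()

    def is_valid_token(self, token):
        return token in self._tokens


def browser_visible_secrets(redirect_url):
    """Everything a browser-resident component can read from the redirect URL."""
    parsed = urlparse(redirect_url)
    found = {}
    found.update(parse_qs(parsed.fragment))
    found.update(parse_qs(parsed.query))
    return {k: v[0] for k, v in found.items()}


def compare_flows():
    """Run both flows; report whether browser-visible data alone yields a usable token."""
    srv = AuthorizationServer()
    result = {}

    implicit = browser_visible_secrets(srv.authorize("demo-app", "token"))
    result["implicit_browser_has_token"] = srv.is_valid_token(implicit.get("access_token", ""))

    seen = browser_visible_secrets(srv.authorize("demo-app", "code"))
    real_secret = CLIENTS["demo-app"]["secret"]
    # Browser-resident code holds the authorization code but not the secret.
    result["code_flow_without_secret"] = srv.token(seen["code"], "demo-app", "guess") is not None
    # The client's backend, which holds the secret, redeems the code normally.
    result["code_flow_with_secret"] = srv.token(seen["code"], "demo-app", real_secret) is not None
    # The code is single-use, so a second redemption fails even with the secret.
    result["code_replay"] = srv.token(seen["code"], "demo-app", real_secret) is not None
    return result


if __name__ == "__main__":
    for name, outcome in compare_flows().items():
        print(f"{name}: {outcome}")
```

The toy deliberately omits redirect URI validation, the `state` parameter, code expiry and PKCE; its only job is to show where the secret sits. The protection the answer describes holds for a confidential client whose secret stays on the backend; a public client (a pure browser app) has no secret to keep, which is the situation PKCE was later introduced to cover.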