Android - is it safe enough to store cert hash in plain text in `network_security_config.xml`?

Question

Is it easy to reverse engineer the app and check the certificates it is pinned against if we specify the hashes as plain text in network_security_config.xml? I\