Tags: flutter, stripe-payments, plaid

Stripe + Plaid + Flutter best practices


Which of these procedures are safer?

Directly obtain a stripe bank account token (generated from the client-side plaid client) and send that token to my server for processing

Or

Send the plaid account token (generated from the client-side plaid client) to my backend server and retrieve the stripe bank account token remotely?

The Stripe documentation provides steps for the latter; however, the plaid-client Flutter API (unofficial) provides a method to obtain the Stripe bank account token directly.

Obtaining it directly would save server resources, however I would not do it at the expense of user security.


Solution

  • You should never have a secret client-side since anyone could view it and make requests as if it was you.

    You should be following Stripe's documentation here. You obtain a plaid token client-side first, then you send this to your server. There, you can securely use your secret to exchange this for a Stripe token, and then use Stripe's API to save the bank account on a Customer.
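The server-side half of the flow the answer describes, as an added example that is not part of the original post or of Stripe's or Plaid's own SDKs. It assumes a Python backend that reads `PLAID_CLIENT_ID`, `PLAID_SECRET` and `STRIPE_SECRET_KEY` from the environment, calls Plaid's `/item/public_token/exchange` and `/processor/stripe/bank_account_token/create` endpoints and Stripe's `/v1/customers/{id}/sources` endpoint, and only accepts `public_token` and `account_id` from the Flutter client. The `FakeTransport` and all token values are constructed stand-ins so the example runs offline; the real `_http_post` transport is what you would wire in for a deployment.

```python
"""Exchange a client-supplied Plaid public_token for a Stripe bank account token
server-side, so neither the Plaid secret nor the Stripe secret key is ever
shipped in the Flutter app. Added example; not code from the original post."""
import base64
import json
import os
import urllib.parse
import urllib.request

# Assumed deployment choices: Plaid sandbox host unless overridden, Stripe live API host.
PLAID_HOST = os.environ.get("PLAID_ENV_HOST", "https://sandbox.plaid.com")
STRIPE_HOST = "https://api.stripe.com"


def parse_client_request(body):
    """Only the two non-secret values the app is allowed to send are accepted.
    Anything else (for example an access_token the client should never hold)
    is rejected rather than forwarded."""
    if set(body) != {"public_token", "account_id"}:
        raise ValueError("client may only send public_token and account_id")
    if not body["public_token"].startswith("public-"):
        raise ValueError("not a Plaid public token")
    return body["public_token"], body["account_id"]


def _http_post(url, payload, headers):
    """Real transport: Plaid expects JSON bodies, Stripe expects form encoding."""
    if headers.get("Content-Type") == "application/x-www-form-urlencoded":
        data = urllib.parse.urlencode(payload).encode()
    else:
        data = json.dumps(payload).encode()
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


def exchange_and_attach(public_token, account_id, customer_id, post=_http_post):
    """Steps 1-3 from the answer, all on the server. Returns only non-secret data."""
    plaid_auth = {"client_id": os.environ["PLAID_CLIENT_ID"],
                  "secret": os.environ["PLAID_SECRET"]}
    json_hdr = {"Content-Type": "application/json"}

    # 1. public_token -> access_token (the access_token stays on the server).
    item = post(f"{PLAID_HOST}/item/public_token/exchange",
                {**plaid_auth, "public_token": public_token}, json_hdr)
    access_token = item["access_token"]

    # 2. access_token + account_id -> Stripe bank account token (btok_...).
    proc = post(f"{PLAID_HOST}/processor/stripe/bank_account_token/create",
                {**plaid_auth, "access_token": access_token, "account_id": account_id},
                json_hdr)
    btok = proc["stripe_bank_account_token"]

    # 3. Attach the token to the Customer with the Stripe secret key (HTTP Basic auth).
    basic = base64.b64encode(f"{os.environ['STRIPE_SECRET_KEY']}:".encode()).decode()
    src = post(f"{STRIPE_HOST}/v1/customers/{customer_id}/sources", {"source": btok},
               {"Authorization": f"Basic {basic}",
                "Content-Type": "application/x-www-form-urlencoded"})
    return {"customer": customer_id, "bank_account_id": src["id"], "last4": src.get("last4")}


class FakeTransport:
    """Constructed offline stand-in mimicking the documented response shapes;
    it records every request so the demo can show where the secrets went."""
    def __init__(self):
        self.calls = []

    def __call__(self, url, payload, headers):
        self.calls.append((url, dict(payload), dict(headers)))
        if url.endswith("/item/public_token/exchange"):
            return {"access_token": "access-sandbox-constructed", "item_id": "item-c", "request_id": "r1"}
        if url.endswith("/processor/stripe/bank_account_token/create"):
            return {"stripe_bank_account_token": "btok_constructed", "request_id": "r2"}
        if "/v1/customers/" in url and url.endswith("/sources"):
            return {"id": "ba_constructed", "object": "bank_account", "last4": "6789"}
        raise ValueError("unexpected URL " + url)


def demo():
    """Run the flow with constructed placeholder secrets and a fake transport."""
    os.environ.setdefault("PLAID_CLIENT_ID", "plaid-client-id-PLACEHOLDER")
    os.environ.setdefault("PLAID_SECRET", "plaid-secret-PLACEHOLDER")
    os.environ.setdefault("STRIPE_SECRET_KEY", "sk_test_PLACEHOLDER")
    fake = FakeTransport()
    # Constructed request body, exactly what the Flutter app would POST.
    client_body = {"public_token": "public-sandbox-constructed", "account_id": "acct-constructed"}
    public_token, account_id = parse_client_request(client_body)
    result = exchange_and_attach(public_token, account_id, "cus_constructed", post=fake)
    return result, fake.calls


if __name__ == "__main__":
    result, calls = demo()
    print(result)
    print("secrets were sent only to:", [url for url, _, _ in calls])
```

Note the shape of the returned dictionary: the client gets back the Stripe `bank_account` id and last four digits, never the Plaid access token or the `btok_` token, so the only credentials ever present in the app are the short-lived public token it obtained from Plaid Link.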