I just noticed that GodMode shows application secrets in the backoffice, such as database connection strings and SMTP credentials. I really want to keep godmode, but the exposure of application secrets in the backoffice is not desirable. Can I disable this feature including the api endpoint that provides this data?

No, unfortunately it doesn't appear to be possible: https://github.com/DanDiplo/Umbraco.GodMode/issues/41