Storing private environment variables for Sveltekit

With Sveltekit, environment variables only used in server side code (deployed as Functions) are referenced as private environment variables. In Cloudflare pages, you have the option to encrypt these variables. If I do, will my app still be able to access these variables? Or do i need to decrypt them in my app somehow?

Related to this, how “exposed” are the environment variables in Cloudflare? Will they be unexposed to the internet if I never reference them in my client side code?