If a service requires a shared secret to access, that secret must be visible to your code so it can use it.
Naturally if you connect a debugger you can see it as well.
By storing the secrets in Key Vault, they are not available in the hosting environment's configuration (e.g. App Service's app settings).
They are also not stored in your version control system.
So it helps prevent unwanted access.
They'll still be loaded into the app's memory when it gets them from the vault, but that is kind of unavoidable.
To access Key Vault, a good practice is to use Managed Identities in Azure so that you have no secrets in your code/configuration.