JWT shares basic info securely, or does it?

I’ve read the description of JWT, and it seems to rest on a shared secret, 256 bits long. But isn’t that the basic problem of any secure sharing? If so, how can JWT be considered a solution?

The Diffie-Hellman algorithm does share a small secret securely, but it is so slow in JavaScript that it is not practical. So how does JWT expect data sharing to be practical?

So, if two parties (such as PHP code in the server and JavaScript code in the client) wish to share information securely, how can it be done in a practical way?