I’m not sure I understand. If I get an API key to stock quote API, I can’t imagine how they would use that to get my credit card details to go make purchases on Amazon. The worst case is that they could use that stock quote API with my API key, using up my limited service. Even if I used my credit card to secure or pay for the API key, in order to get access to my account details I still need to use my username and password. The API key is only to access the API, not to access the account. I’ve never seen it set up where you access your account details with the API key. Even if you could, the credit card details are usually masked.
And if the API key is free? Then there is no problem because that account and API key are in no way linked to your credit card details. It poses no more risk than if you lost your library card.
If you’re doing the front end projects, just look for ones with no API key (like the weather API that FCC built) or ones with free keys. Without a backend, there is no way to hide the API key.
When you start building professional sites, you’ll need to hide those keys in the back end, in a .env file that stays hidden. But don’t worry, you’ll get a chance to do that when you do that backend challenge.
But unless you’re going to build a server, there’s not much you can do. Don’t worry about it for the front end section. Just remind yourself that it’s a little sketchy and that you’ll learn the proper way to handle it later.