Considering that key has to be included in the <script>
tags of your HTML pages, to load the JS files/data from google’s servers, there is nothing you can do :
- you must put it in your HTML files
- every one can take a look at those.
Still, it doesn’t really matter : if anyone tries to use this key on another domain than yours, they will get a Javascript alert — which is not nice for ther users.
So :
- There is nothing you can do ; this is the way it works
- And there is not much you should worry about, I’d say.