I agree, no private keys 
But I still feel my api keys are bit open, visible in the UI. I would like to give a suggestion, see what you think?
When creating Config, option to have “secret” option. When the secret option is selected, the value of the config is encrypted using a secret key that is nowhere visible in the UI.
This secret key is only available 1 time when the user creates it, after that it cannot be retrieved in the UI (or it’s never available).
Then when the user calls the config using Moralis.Config.get, the server sees that this is a secret and decrypts the content. Similar to Github secrets the server would prevent any logging of the key to logs (as possible)