Remember the days, before OAuth, when a website would ask for your email password(!) to sync contacts? That's what it feels like now with OpenAI api keys.<p>Understandably, many new OpenAI-based apps are offloading their requests to client-provided api keys. They just can't scale otherwise. However, I don't want my key used for any old thing. They are secrets, after all!<p>Is there any work being done in this area to improve security? How do you see it evolving?