"Do not embed API keys directly in code: API keys that are embedded in code can be accidentally exposed to the public—for example, if you forget to remove the keys from code that you share. Instead of embedding your API keys in your applications, store them in environment variables or in files outside of your application's source tree."
I tend to agree. I think if the api_key option is given to new() that should be used for the data lookup, but not get embedded in the result from onload_render().
According to Google
"Do not embed API keys directly in code: API keys that are embedded in code can be accidentally exposed to the public—for example, if you forget to remove the keys from code that you share. Instead of embedding your API keys in your applications, store them in environment variables or in files outside of your application's source tree."
I tend to agree. I think if the api_key option is given to new() that should be used for the data lookup, but not get embedded in the result from onload_render().