pkmnct / qualtrics-google-map-lat-long

Embed a customizable Google Map in your Qualtrics survey to collect location data
MIT License

Google API key visible to respondents #11

Closed (jntrcs closed this issue 4 years ago)

jntrcs commented 4 years ago

From my research, this seems to have a quite severe vulnerability in that you have to copy and paste your API key directly into the client-side JavaScript. Since this is a billable API key, couldn't any survey respondent scoop it up and then use your key to do things that would result in you being charged?

I'm no web developer, but that seems to be the case.

pkmnct commented 4 years ago

Yes, the API key is exposed, though this is how Google recommends using their Maps API. There are steps that can be taken to minimize the risk associated with this. See Google's documentation on "Adding restrictions to API keys".

If you're interested in more information, I recommend reading "What steps should I take to protect my Google Maps API key" on Stack Overflow.
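
An added example, not part of the thread or of the project's code: a small audit of the key restrictions the reply above points to, run over a key's settings in the JSON shape of the Google Cloud API Keys API. The survey host, the sample keys, and the `maps-backend.googleapis.com` service name for the Maps JavaScript API are assumptions.

```javascript
// Added example: audit the restrictions on a browser-exposed Google API key.
// Input follows the API Keys API "Key" resource shape:
// restrictions.browserKeyRestrictions.allowedReferrers, restrictions.apiTargets.

// Host part of a referrer pattern such as "https://*.example.com/*".
function referrerHost(pattern) {
  return pattern.replace(/^[a-z*]+:\/\//i, "").split("/")[0].toLowerCase();
}

function auditBrowserKey(key, surveyHost, expectedService) {
  const findings = [];
  const r = key.restrictions || {};
  const referrers = (r.browserKeyRestrictions || {}).allowedReferrers || [];
  const targets = (r.apiTargets || []).map((t) => t.service);

  if (referrers.length === 0) {
    findings.push("NO_REFERRER_RESTRICTION: any site can use this key");
  }
  for (const p of referrers) {
    const host = referrerHost(p);
    if (host === "*" || host === "") {
      findings.push(`REFERRER_MATCHES_ANY_HOST: ${p}`);
    } else if (host.startsWith("*.")) {
      // A wildcard over a shared survey domain also admits other tenants.
      findings.push(`REFERRER_WILDCARD_SUBDOMAIN: ${p}`);
    } else if (host !== surveyHost.toLowerCase()) {
      findings.push(`REFERRER_UNEXPECTED_HOST: ${p}`);
    }
  }
  if (targets.length === 0) {
    findings.push("NO_API_RESTRICTION: key works for every enabled API");
  }
  for (const s of targets) {
    if (s !== expectedService) findings.push(`EXTRA_API_ALLOWED: ${s}`);
  }
  return findings;
}

// Constructed sample data (placeholder host; assumed service name).
const SURVEY_HOST = "myorg.example-surveys.test";
const MAPS_JS = "maps-backend.googleapis.com";
const unrestricted = { restrictions: {} };
const locked = {
  restrictions: {
    browserKeyRestrictions: { allowedReferrers: [`https://${SURVEY_HOST}/*`] },
    apiTargets: [{ service: MAPS_JS }],
  },
};
console.log(auditBrowserKey(unrestricted, SURVEY_HOST, MAPS_JS));
console.log(auditBrowserKey(locked, SURVEY_HOST, MAPS_JS));
```

An empty result means the key is limited to the one survey host and the one API; it stays visible to respondents either way, so the restrictions are what bound the billing exposure.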