Hey Robin!
Sharing your access key just means that anyone who has it can have access to the repository content, but as you said, they can't modify it. So it's not considered a security risk. 
I've mentioned this in a similar thread as well.
Hey Robin!
Sharing your access key just means that anyone who has it can have access to the repository content, but as you said, they can't modify it. So it's not considered a security risk.
I've mentioned this in a similar thread as well.