Client-side code is becoming ever more popular with developers who are taking advantage of Dynamic HTML to create interactive applications that are faster and more versatile.
However, this type of coding, which executes embedded or associated scripts on the client’s web browser, does pose some problems for itself. The biggest risk is the security compromise created by having exposed source code on a user’s device which is beyond your control
In the same way that smartphones can be jailbroken and other hardware can be cracked, client-side code is vulnerable to hacking and misuse by anyone who has the ability and inclination.
The simple solution of using encryption is not viable since the device that guards the API key is the same one that is easily compromised. While there is no real way to prevent this type of attack from a determined hacker, there are ways to put off less-determined ones.