What security features are in place to ensure nothing is capturing or logging user API keys?

Currently, your API key is stored securely in your browser's local session and is never saved on my servers. When you close the game, it's gone.

In future, when I add the 'profiles' and ability to save games and settings, if users want to save their key, I will use encryption.