Looks cool, but definitely a security team's nightmare. Putting an API key into some random HN'ers hobby project is a bad, bad idea, whoever you are (not saying you're a bad actor, but a zero-trust policy would agree with me).