from Hacker News

Remember the days, before OAuth, when a website would ask for your email password(!) to sync contacts? That's what it feels like now with OpenAI api keys.

Understandably, many new OpenAI-based apps are offloading their requests to client-provided api keys. They just can't scale otherwise. However, I don't want my key used for any old thing. They are secrets, after all!

Is there any work being done in this area to improve security? How do you see it evolving?