The Flatfile license key is safe to expose and comparable to something like a Typekit ID. It only associates the upload to the account making the upload. Data cannot be accessed on an account using only the license key. We would work with you to address any malicious imports in the unlikely event a user imports data into your account, but the license key itself is not a security vulnerability.
Currently there is no way to completely hide the Flatfile license key, but our product team is working on domain authentication to provide a little more peace of mind.