api-key squarespace openweathermap

What are the risks associated with exposing a free API key?


I have a site on Squarespace and I'd like to show some data from other places (e.g. the One Call API from OpenWeatherMap). It is a free API.

As far as I know, there is no way to completely secure API keys on Squarespace (unless you are using some of their listed commerce APIs). If I put the API key in any file on the site, it will be exposed, since Squarespace is frontend by definition, and frontend is not safe for API key storage.

Assuming I am only going to use an API key to a free API plan, what are the risks associated with publishing a free API key such as the OpenWeatherMap API key on a Squarespace file?


Solution

  • Rate limits

    Given your example, I would think a risk is that OpenWeatherMap might receive too many requests with your API key and shut down your access.

    Typically, free API keys are provided with rate and/or total request limits. If one or more people used your key to make requests of their own, especially using scripts at a high rate or volume, the provider might consider it abuse of their service.

  • Terms of use

    The other thing to consider is that you might have agreed not to share the key, and to make reasonable efforts to keep it private, when you requested the key. If so, posting it where anyone could get it would be a violation of your agreement.

    Likely, the only risk for you is getting temporarily or permanently blocked from using the service, but that is probably the practical extent of it.