Yup! That's true. If at any time you feel that you have been compromised, never hesitate to reset those keys and passwords. In fact, it should be the first thing you should do before messing up the commit history. The less time the API key is valid, the better it will be for everyone (except potential hijackers).
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.