Unfortunately, for open source applications you have no choice but to
expose the API key. There are other open source projects that had the
same problem using our API.
In those cases, we asked the project to add a comment above the API
key line that says something like:
"If you'd like to use Songkick's API please request your own API key
from http://developer.songkick.com".
If you ever feel that someone might be misusing your api key, let me
know and we can issue a new one. We know security by obfuscation is
not security, but for now, there's no way around it.
thanks
--
Sabrina Leandro
http://www.songkick.com/users/saleandro