I read an older post about Braintree orange vs. blue.
From their sandbox, they have a Merchant ID, a public key and a private key on the server side
and then on the client side, they use a CSE key in JavaScript.
But it looks like braintree.cfc is using a Username, password, SecurityKey and SecurityKeyID.