Hmm, yes, no signatures there. Even if did exist wouldnt really make sence. If someone viewed the source to get the key, they could get the siganture directly (the URL is no per request unique)
But you get 25,000 map loads per day. You would need a be doing a absolute shedload of active development to burn though that.
The damage someone else can make to that quota is also limited. Would take some very dedicated engineering to use much of it. Even some sort of auto-refreshing page is likely to trigger other anti-abuse measures before can make a dent.
The motivation to use your key is really low. As mentioned it bad as a DOS vector, and keys are very easy to obtain. Can even get away with loading the JS api without a key.