The best was to protect yourself, if you do decide to allow automatic API downloads, is to restrict your API key to contain only read-only permissions. Most exchanges will allow you to do this and it ensures that no third-party can execute transactions against your key. If you cannot produce read-only keys then we recommend that you do not share those keys with us or anybody else. No third party should have transaction power on your exchange API keys.
Finally it's important to know that we will never share any of your data with third parties. We will never sell or distribute your data and if you need help with analysing your data we will ask permission before viewing it. We would rather go bankrupt then have to survive by selling your sensitive data and we really appreciate your support when purchasing one of our very reasonably priced plans.