Sometimes, an API Key can be compromised. This can happen for many different reasons - forgetting the key at a git repo or something else. If you think your API Key is compromised you can revoke that key.
At your User Profile, find your key at list and press Actions button, choose Withdraw action and confirm action.
The API key will still be listed and not removed, just disabled.
Revoke API Key Interface
What is possible via the API Key
Using the key you will get access to the same powers as the user, but you don't have to use username and password to login.