The risk is small and we do provide a way to make it secure.
There are two ways to reduce the risk of your token being abused :
Our system allows a token to be locked to a specific domain(s). Usage on any other domains will be denied.
Use a data relay script on your own server. This will hide your token on your server and you can implement additional security there.
This answer assumes you are using the client side JavaScript integration. If you are using a server side integration, it will not be applicable as your token is then already hidden in your server-side code.
Please get in touch if you would like more information on this topic.