It appears that the Mapquest API keys are semi-permanent keys and thus cannot be handed out to a browser securely.
Is this correct or am I missing something? S3, Mapbox, and other APIs allow creation of temporary tokens that allow temporary access to the browser so that the browser can directly fetch information from the server.
It seems to me what I'll have to do is store the keys on the server and create a proxy service on my server to add the securely held keys. (I'm primarily doing reverse geocoding). Is that correct?