How to avoid access to my api key

I would like to know how is possible to avoid my client access to my wpmudev api key.
I mean if i install and configure a wpmudev pluging inside my client site ( not multisite), i know i have to install before the wpmudev dashboard with my user, and i know is not showed( the dashboard wpmudev plugin) to my client.
But what about if the client want to fool me and figure out the famous code to put inside the config.php file in order to have access:
define('WPMUDEV_LIMIT_TO_USER', '1, 10')
What happen in this case?? What do i have to protect myself from a client like this, in order to avoid access to my api key??

Thanks a lot for your help