Anyone with write access to the themes can completely hijack a users session. If you don’t trust someone doing that, you should not trust them at all. And if you do trust them, you can just make them admin.
That was how example , more clear i don’t want give access where api keys’ but give to other to other settings sections. For prevent that admin from copy that keys and use some where at 3rd place at future as example for testing some thing
not necessarily even for evil intentions, yet this is quite an alarming section in the case of, for example, a github key. The administrator may not be related to the repository at all, but administer the forum if necessary. But I didn’t want him to accidentally compromise the keys, simply by “copy them and then they be stolen from him.”
or mistake remove them.
because of laziness to get your own, and in the case of tweeter and google, everything is rather contradictory there, since those keys are not now distributed to the all who write “i want acess”, and even an accidental compromise of keys can lead to disabling access to the api.