Giving out such an API key is essentially what the infinity dev does, up until the 1st of July at least.
Reviewing the colab's code, I did not find anything susceptible to leak your API key (or other info) to the author.
However, I have also seen users offering to build apks for others (which implies giving out API keys on top of installing software from a random guy). That seems indeed very dangerous.
Someone made a Google collab notebook that takes your API keys as an input, takes care of the compilation and offers you a download link to get your apk. Zero knowledge needed!