A long time ago I wondered the same thing, the vocabulary is a little worrying, but what it actually means to uncheck “Private” is to allow that field to be visible from the Bubble Editor. In other words, it means you can access this field in workflows (as well as other places)
That answers your question. Allow me to add the following…
Are you asking for people’s API keys for some 3rd party service and exposing this to your Bubble app? If that’s the case, you must proceed with excess caution You should make absolutely sure that whatever workflow is taking that API key as a source should be 100% run on the client side. If that ever enters your server and stored (Even temporarily. It’s existence in server logs counts) then you’re going to run into trouble if ever you’re audited for PII compliance. Furthermore, if your app ever gets breached and even one person’s API key gets exposed, well - it would be really bad
See these links:
Note: I’m not exactly sure what law or regulation a leak of an API key would break, but it’s definitely something you want to avoid even appearing in your logs