Perhaps. A SQL injection hole could potentially expose API keys, or there could be a vulnerability that lets an attacker add an API key.