I am also really scared by the suggestion that they might 'take a leap' and check if it's valid... Then they have a list of keys and whether they work or not
If you signed up for a service specifically to detect when you compromise your secrets, and the service tells you about it, and you don't change the secret... Why are you then worried that the other party gets compromised?