They are talking about client-side APIs, but the limits are not per client IP address. They can look at the referer header to see what site embedded the map.
Google blocks you from seeing referred search terms and you flip it around so they can't see what server the requests on their API are coming from. Seems kind of fair, right?