Vouched as this seems like a question others who use Stripe could sort out.
As little as I know about check outs, (I know nothing,) I'm unsure why a public key would be used to pipe the request to Stripe? Surely any request to a third party needs an additional security measure apart from being merely being logged into the site.