This is pretty much a copy of LB-492:

Showing the Live Data Feed Access token on profile pages makes it possible for people to pick it up if they’re snooping on the screen.

This is especially a risk for people who might be streaming or otherwise doing/sharing screencapturing where viewers are able to screenshot the image of the token.

It should be possible to copy the key without showing it, and there should also be an option to show the key if you need it shown—but it shouldn’t be shown by default.

https://listenbrainz.org/profile/ is a good implementation of this.