I voted for oppostion on this flag because I fully trust my API key in OP his hands. I dont understand all the hate on the OP his bot. I am using his arakne service and I am fine with the risk involved. I am not going to deny he cant liquidate all my funds, but that is the risk u have to take. Same thing as when u copytrade or let some company do the investing for you. There are always risks involved.
About the private key thing. API key is not a private key since it is not from the bitcoin blockchain, but from your Bitmex account. So basically the API key is a secret key for your bitmex account, not the btc that is in that account. So yes you OWN your account with the API key, but the funds are still on bitmex. I understand the confusion here. Because you can also say that the API key is access to the bitmex funds in the account. In this case u also have to trust Bitmex with your funds. So its not a real private key to the btc network.
If anyone wants to have my read only key send me a PM. I will be happy to help confirming I am a legit user of the service provided by the OP.