Are you saying that when you connect with your Metamask wallet, Metamask is sharing your private keys with that website? I wish there was a tutorial on how Metamask works and a whitelist of safe dapps you can use.
Recently I connected my metamask wallet to a website for an NFT raffle and I wondered, "I feel like a fool; am I just writing a blank check to this nft website? What is the limit of what they can take out of my wallet? How can I know these things?" The only safety I have is the fact that I have a low balance in that wallet.
I am a newbie and I get overwhelmed by web 3.0; this is too much to learn and too much lack of safety and clarity.
Metamask does not share private keys with any website. If a website asks you to enter a private key, that's what you need to make sure it's secure. Except like the import in trust wallet, which does require you to enter a private key. However, if it's an airdrop, bounty or foreign web service asking for a private key, that's the one you should leave.
Remember, smart contracts can drain the money you have if you just give permission/approval.