Exposed Google Maps API Key

Hi, I have a concern with the theme’s Google Services API. For the site, we are using an API key with no referrer restrictions that has the Maps Javascript API enabled and the Geocoding Service API enabled. I’ve checked the API key against the theme and the theme accepts it as valid key. One issue that I found is that even though we have the Maps Javascript API enabled, the map does not render properly on the locations page (I have that listed below). To get around that, we had to install another plugin, but I have that disabled right now. Another issue that I’m more concerned about is that the API key is exposed on the front-end via this code below. It seems like this is needed to render the map on the page, but I can’t test that since it doesn’t even render the map properly.

<script id='avia_gmaps_framework_globals' type='text/javascript'>
 /* <![CDATA[ */  
var avia_framework_globals = avia_framework_globals || {};
	avia_framework_globals.gmap_api = 'API_KEY';
	avia_framework_globals.gmap_version = '3.38';	
	avia_framework_globals.gmap_maps_loaded = 'https://maps.googleapis.com/maps/api/js?v=3.38&key=API_KEY&callback=aviaOnGoogleMapsLoaded';
	avia_framework_globals.gmap_builder_maps_loaded = 'https://maps.googleapis.com/maps/api/js?v=3.38&key=API_KEY&callback=av_builder_maps_loaded';
	avia_framework_globals.gmap_backend_maps_loaded = 'https://maps.googleapis.com/maps/api/js?v=3.38&callback=av_backend_maps_loaded';
	avia_framework_globals.gmap_source = 'https://maps.googleapis.com/maps/api/js?v=3.38&key=API_KEY';
	avia_framework_globals.gmap_avia_api = 'https://SITE_NAME.wpengine.com/wp-content/themes/enfold/framework/js/conditional_load/avia_google_maps_api.js';
/* ]]> */ 
</script>

I would be fine with exposing the API key if we could set a referrer restriction but it seems that the geocoding API doesn’t work when a referrer restriction is set. Can you help me with this? I have provided credentials below.