Correct.
Authorizations for development are more important than developer keys and even system change settings in some cases.
There is no standard maintenance dialog to remove the keys. They represent a log that the key was used by the user. It is not a real risk as the keys are assigned to the installation number so a misuse can also look in the DEV system to get the key for the user name. More important than access to the key is that it was used -> you must protect that via authorizations and system settings (and code scans for programs that bypass this).
If you search for the topic DEVACCESS you will find lots of useful discussions / solutions from the past as well.
Cheers,
Julius