My understanding is that it only surfaces the real keys when the request is actually sent under the hood, and doesn't make it available to the code itself, so that LLMs aren't able to query the key values. They have placeholder values for what seems to be obfuscation purposes, so that the LLM receives a fake value if it tries, which would help with stuff like prompt injection since that value is useless.