If I include my own openai api key or a paid api key from another 3rd party service (ie Google or Pushover), is it safe and secure on the BotPress cloud servers - or is it something a knowledgeable end user could discover?

That's a great question! I would say it's about as safe as adding those keys in any other application. So long as you don't expose the keys in any way, they remain private.

Thanks - but I guess I’m asking if the key itself gets transferred to the users computer for execution - or does the code get executed on the BotPress cloud server and just the result sent to the users computer?

the key doesn't get transfered to their computer. Message processing happens in our servers.