Ask HN: Safe? API Keys in Your JavaScript Client.

When building Single Page Apps with whatever-flavour-of-the-moment JavaScript framework, how do you go about securing access to API keys for your application? This is separate to user authentication. I'm talking about allowing application A and only application A to access your REST web services. Traditionally I've used an API key in server side apps, but in a client-side app, that API key is there for all to see and abuse. This must be a common problem. How have other companies dealt with this problem? More to the point, when all of the REST requests require authentication, is it even a problem?