Re: Moving keys from source to a server won't fix the problem
The typical way the authentication service works is that the _service_ makes a call to the Amazon API and retrieves a token; that token is passed back to the client. The client uses the token to talk to the API. When the token expires (1 hour later) the client talks, again, to the authentication service and requests a refreshed token.
In this way the client API ID and secret are never exposed to the end user... but it means there are some risks:
1) @ncw doesn't abuse the authentication service and steal tokens :-)
2) Someone else doesn't compromise the service and steal tokens
3) @ncw has to commit to keeping the service running forever and ever (once the authentication service goes down then rclone will no longer work).
The alternative approach of passing the ID/secret to the client at "first run" prevents these risks _but_ effectively means they are no longer secret (as mentioned; add a print statement) and will be leaked, and Amazon will eventually ban them again.
As @ncw says, the Google approach of allowing each user to generate and use their own ID/secret is much better.
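The brokered flow described in the post above, sketched as an added example (not code from the post or from rclone). `Broker`, `Client`, the `tok-N` strings and the `EXAMPLE_*` values are hypothetical, and the provider call is simulated in-process rather than made against any real API.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

var ErrBrokerDown = errors.New("authentication service unreachable")
// Token is all the client ever sees; it carries no client ID or secret.
type Token struct {
	Access  string
	Expires time.Time
}
// Broker is a hypothetical in-process stand-in for the authentication service.
type Broker struct {
	clientID, clientSecret string // stay server-side
	Up                     bool
	issued                 int
}
// Issue models the service calling the provider and returning a 1-hour token.
func (b *Broker) Issue(now time.Time) (Token, error) {
	if !b.Up {
		return Token{}, ErrBrokerDown
	}
	b.issued++
	return Token{fmt.Sprintf("tok-%d", b.issued), now.Add(time.Hour)}, nil
}
// Client caches the token and returns to the broker only after expiry.
type Client struct {
	B   *Broker
	tok Token
}

func (c *Client) AccessToken(now time.Time) (string, error) {
	if c.tok.Access != "" && now.Before(c.tok.Expires) {
		return c.tok.Access, nil
	}
	t, err := c.B.Issue(now)
	if err != nil {
		return "", err // risk 3: expired token plus dead broker, client stops
	}
	c.tok = t
	return t.Access, nil
}
func main() {
	c := &Client{B: &Broker{clientID: "EXAMPLE_ID", clientSecret: "EXAMPLE_SECRET", Up: true}}
	fmt.Println(c.AccessToken(time.Unix(0, 0))) // constructed clock
}
```

A broker outage is invisible while the cached token is still valid and only surfaces at the next refresh, which is why risk 3 shows up as a delayed failure rather than an immediate one.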