So it sounds like you're not really clear on how Splinterlands security works. The *only* thing you need to move a Splinterlands card between accounts is the ability to make a custom_json transaction on the account that owns the card. Which means that if you're granted posting authority through SteemConnect, anyone who hacks either your server or the account you're using to hold the authority can steal the cards of everyone who has granted that authority. If you're able to make the custom jsons for your game, you will be able to make the custom jsons for Splinterlands; there's no technical distinction between them. This sort of hack happened to Utopian last year, fortunately before Splinterlands cards were a thing; if it can happen to them it can happen to anyone.

Similarly, putting the key into SteemConnect over and over is risky: it can be read from your screen, or it can be taken by fake SteemConnect clones (this happens a lot).

The only way to secure assets in a way that I'm comfortable with is to hold each application's assets in a single account which does only the operations which are necessary for that application. So I have an account that plays NextColony, which uses auths; it doesn't do anything else. Not only does that make my NextColony assets as secure as NextColony itself, it also doesn't allow anyone who compromised NextColony to take my Splinterlands cards, which would be possible if I used the same account to play both games.