No matter what you do you are going to need to send sensitive data over to your server to process the text. Ideally, if you are offering this solution you would let the user run the software on their own hardware. Most people are against posting their API key to a closed-source solution.
The main difference is that instead of opening yourself up to a lot of attack vectors you are narrowing it down to a few that can be avoided with good security practices.
There’s no doubt that you, and I will expose potential opportunities of leaking private information. Sometimes through libraries we use, or just bad/overlooked errors in our code. The biggest difference is similar to how stores in high-crime areas operate. They make it very clear that they do not have any cash worth stealing. Most anti-theft, security systems are deterrents.
So if I see that your webapp offers a free trial and stores all these keys in the database I just see money. I know that if there is an exploit that your code has fallen victim to, I can potentially access your database and rob you blind. So a zero-day exploit releases and all your keys are stolen. What do you do? Say you’re sorry and tell people to delete their keys immediately?
So, yes, my opinion isn’t perfect either. There is no perfect solution. I build my applications with the expectation of being hacked/having data leaked. (I read your reply as being rhetorical so that’s why I answered like this). If it wasn’t rhetorical then you would simply process the request as normal, and not store the key anywhere.