I have been running all my Instant API's through Azure API Management Portal. It works pretty awesome and allows auth keys, etc. It also gives me usage stats and other cool stuff.
If you get compromised you can easily change both your Instant API url or simply change your Azure keys.