Thanks for submitting this feedback! We only record the public key that was accepted by the SSH app, but it's true, the logs could show all the public keys attempted for authentication.
I'm also going to update the docs to suggest providing your username for the service whenever logging in, in an effort to avoid leaking your host username unintentionally.
Creating new keys and using those will also enable you to create multiple accounts on there.
Also, I think this service might need a reserved username list. admin, abuse, cgi or even ops, help, spec ..or ?foo=42 are all available and possible right now.
To prevent this I guess you have specify a username and create a specific key and use that: ssh -i key unknown@lists.sh