Speaking from a point of view of cryptography and keys in general, I'd say, yes, there is risk in using your key, that is, if it is your private key.

The public key is just that, its public, and everyone in the world can see it. That's why it makes sense that you cannot post with it. If your public key worked to log in as you, then everyone could post as if they were you.

The private key is never known to anyone but the account holder. This is used to digitally sign messages to say "its the real me". Anyone who knows your private key can forge your signature.

This is where the trust comes in. When you give your private key to the app (which allows the app to speak authentically in your behalf) you are trusting that app not to transmit this key to someone for illegitimate purposes.

There is no way to safely trust any app that does not make its source code known. This is why Bitcoin Core works so well. They put the raw source code out in the open, ready to be vetted and scrutinized with a fine tooth comb and magnifying glass by everyone in the world.

Closed source is like saying, "Just trust us, our code won't do anything bad."

Edit: As for the scope of potential harm, yes, the Posting private key, according to the site, is limited:

The posting key is used for posting and voting. It should be different from the active and owner keys.