Do I need to keep my AWS Access Key ID secret?
If you've signed up for Amazon's Web Services, you were issued an AWS Access Key ID and a Secret Access Key. The Secret Access Key is not used when making queries to A2S; it is used only with the Amazon Web Services that are not free. You must keep your Secret Access Key private if you are using any of the paid services. Your AWS Access Key ID, however, is not secret.
Your AWS Access Key ID appears in URLs when XSLT is used on Amazon's server and in the URLs returned by A2S. Amazon clearly never intended the AWS Access Key ID to be kept secret.
Although Amazon's AWS developers have not expressly stated it, the AWSAccessKeyId used in calls to A2S from an application should be the ID of the application's developer, not one assigned to the user. This gives Amazon a way to identify and contact the developer if necessary (in fact, the IDs used in calls to the Associates Web Services were once called "Developers IDs").
If someone were to use your AWS Access Key ID to abuse the web services, Amazon would not block your access to the services based on the ID. They can't, because the ID is not secret. Most likely, they would block access based on the offending IP address.