If you want, you can use Ecency with just your posting key. You won't be able to make transfers, power up, etc. without the active key, though.
Your Keychain is protected by a password, so as long as that is secure, the only way you can be "hacked" is if a site tricks you into signing transactions that you shouldn't. You can always look at the details of any transaction Keychain is requested to sign. If it only requires posting authority, it is low risk.
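
The check described above, sketched as an added example that is not part of the original comment and is not Keychain's or Ecency's code: it reads a Hive transaction's operations and reports the highest authority needed to sign it. The operation lists are deliberately partial, unrecognized operations are treated as high risk, and the function names and sample transactions are constructed for illustration.

```javascript
// Added example: classify the highest authority a Hive transaction needs.
// Operation names are Hive's; the lists are partial on purpose, and anything
// not recognized is reported as "unknown" (an assumption of this sketch).
const POSTING_OPS = new Set(["vote", "comment", "comment_options",
  "delete_comment", "claim_reward_balance"]);
const ACTIVE_OPS = new Set(["transfer", "transfer_to_vesting",
  "withdraw_vesting", "delegate_vesting_shares", "transfer_to_savings",
  "transfer_from_savings", "limit_order_create", "convert"]);
const RANK = { posting: 0, active: 1, unknown: 2 };

function opAuthority([name, body = {}]) {
  if (POSTING_OPS.has(name)) return "posting";
  if (ACTIVE_OPS.has(name)) return "active";
  if (name === "custom_json") {
    // custom_json names its own signers: required_auths means active keys.
    if ((body.required_auths || []).length > 0) return "active";
    return (body.required_posting_auths || []).length > 0 ? "posting" : "unknown";
  }
  return "unknown"; // includes account_update, which can replace keys
}

function requiredAuthority(tx) {
  const ops = tx.operations || [];
  if (ops.length === 0) return "unknown";
  // One active operation hidden among posting ones raises the whole request.
  return ops.map(opAuthority)
    .reduce((worst, a) => (RANK[a] > RANK[worst] ? a : worst), "posting");
}

// Constructed sample transactions (account names are made up).
const voteTx = { operations: [
  ["vote", { voter: "alice", author: "bob", permlink: "post", weight: 10000 }]] };
const mixedTx = { operations: [
  ["vote", { voter: "alice", author: "bob", permlink: "post", weight: 10000 }],
  ["transfer", { from: "alice", to: "carol", amount: "10.000 HIVE", memo: "" }]] };
const jsonTx = { operations: [
  ["custom_json", { required_auths: ["alice"], required_posting_auths: [],
    id: "example", json: "{}" }]] };

console.log(requiredAuthority(voteTx), requiredAuthority(mixedTx),
  requiredAuthority(jsonTx));
```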