This is much broader case than just key in memo field.
Of course app providers can restrict memo field in a way to not allow posting key material. Some of exchanges do that already.
Also, even if app provider doesn't check memo field, recent nodes would block most of such transactions (but at this point key is in fact already leaked at least to such node).
Unfortunately there are a lot more possibilities here, like posting such key on social media, chats or other public places.