The logic is this (I work for Spotify): requiring our developers to jump through a bunch of hoops just to get their API key into their binary would not be worth it; the developers would be put off by it and everyone would be unhappy.
However, we don't want the keys to spread, simply because if everyone uses one key we cannot reliably track it, and if that key is ultimately used for something malicious and we kill it, a lot of applications will suddenly be broken.
To force a terrible car analogy, imagine that an API key is a valuable item and your application is a car. If you leave the item on the car seat (i.e., have your API key in plain text), you practically invite someone to break in and steal it (i.e., use your key in your application). If you put it in the glove box (compile it into your binary) and someone breaks into your car (parses your application) because he knows the item is in the glove box, it is pretty much game over anyway.
In short: compiling the key in is absolutely security through obscurity, but we feel that it is enough to discourage people from accidentally reusing other applications' API keys when it is quite trivial to get one from us directly.
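To make "the item in the glove box" concrete, here is an added example (not from the original answer or from Spotify) of the pre-release check a defender would run on a build artifact: pull printable strings out of a byte blob the way `strings` does and flag anything matching an assumed key format. The 32-hex-character key pattern, the sample key and the fake binary are all constructed for the demonstration and are not Spotify's real key format.

```python
import random
import re

# Constructed stand-in for an API key. The 32-hex-character format is an
# assumption for this demo, not any real provider's key format.
SAMPLE_KEY = "0123456789abcdef0123456789abcdef"

# Minimum run of printable ASCII bytes to report (same default as `strings`).
MIN_STRING_LEN = 4


def extract_strings(blob: bytes, min_len: int = MIN_STRING_LEN):
    """Yield runs of printable ASCII found in arbitrary bytes, like `strings`."""
    for match in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield match.group().decode("ascii")


def find_embedded_keys(blob: bytes, key_pattern: str = r"\b[0-9a-f]{32}\b"):
    """Return every printable string in the blob that matches the key pattern.

    This is the whole "parse the application" step from the answer above:
    a literal compiled into a binary survives verbatim and a regex finds it.
    """
    key_re = re.compile(key_pattern)
    return [m.group() for s in extract_strings(blob) for m in key_re.finditer(s)]


def build_fake_binary(key: str, seed: int = 7) -> bytes:
    """Constructed 'compiled' artifact: seeded random bytes with the key stored
    verbatim, NUL-terminated, as a string literal in a real binary would be."""
    rnd = random.Random(seed)
    junk = lambda n: bytes(rnd.randrange(256) for _ in range(n))
    return junk(512) + b"\x00" + key.encode("ascii") + b"\x00" + junk(512)


if __name__ == "__main__":
    # Running this as a release gate: any hit means the key ships in plain text.
    print(find_embedded_keys(build_fake_binary(SAMPLE_KEY)))
```

Point the same function at a real build output (`open(path, "rb").read()`) with your own key pattern to use it as a release-gate check.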
I suppose the essence of my question is this: how can I avoid breaking the ToS without requiring each user to get their own key?
If you distribute your application in binary form, compiling the key in is fine. If you distribute it in source form, you cannot include the key.