Google API Key Application Restrictions – Is It Secure?

I believe an IP address or http referrer can be spoofed, so can I trust that Application Restrictions (configured in the Google API console) will prevent unauthorised parties from using my Google API key?

Refer this SO thread for background info