Scopes are the point
Most products treat an API key as a single, undifferentiated grant of power: you have the key, so you can do everything the account can do. That is convenient exactly until the key leaks, at which point it is the worst possible design.
Here, a key carries only the capabilities you attach to it. Reading agents is a separate permission from creating them, which is separate again from deleting them, and the same is true of training sources. A key that only needs to read cannot delete, no matter who ends up holding it.
This matters most for the keys you are least careful with. The one in your CI pipeline, the one in the internal dashboard somebody built in an afternoon, the one pasted into a shared environment file. Those keys should be able to do one narrow thing, and with scopes, they can be.
Reading, creating and deleting are separate permissions, for agents and for training sources alike. A key that only needs to read cannot delete, no matter who ends up holding it.