This could be considered a bug report but I submit it as a suggestion for improvement.
It is possible to check the boxes for protecting login page, contact forms etc without entering a site and secret key. This will lock you out of wp-admin, contact forms will fail etc. You need FTP access to the site to remove the plugin in order to login again. I have had a couple of clients who locked them selves out from their sites this way when using this plugin (which is great apart from that).
A simple solution would be to add a conditional check and if key fields are empty the plugin should not try to fire up the reCaptcha even though protection boxes are checked. Or, it should at least not be possible to save the settings with checked boxes marked if keys are missing.