They are stored in the encrypted sandbox of each phone. Not even other apps can access it.
Discussion
That's good... But even if someone stole the keys, it's not like they can gain any information that they couldn't already. The only use would be to post as someone else.
The only thing I can think that would be possible and worth someone's time would be to change the code and make it malicious.