You are required to provide the certificate key, because without the key all of your users would strand and the buyer wouldn't be able to market to them or push out updates. Since the users and traffic are very much a big part of the sale, this must be provided to the buyer.
However, we were conscious of this situation before starting Apptopia and have taken some major legal steps to protect you (for example, in a case where you have one certificate key for all apps, versus having app specific ones).
If you look at our Purchase and Sale Agreement (which you can always view in your Transaction Center), and look specifically at Section #9, it will tell you all about Certificate Keys and their protection.
We have used very strong language to protect you, the seller. If the buyer was to somehow ever find a way to do something malicious with this key, which would be very hard for them to do so, they would be immediately legally liable for all losses, including legal fees the entire value of your portfolio.
In fact, legal protection like this is a massive reason people work with Apptopia, as we provide a lot of protection for our sellers!