Still trying to understand and get it all clear in my head too.
But, I think that they're actually 2 different things.
The rndc key is just so that you can issue rndc commands on the local machine:
In order to prevent unauthorized users on other systems from controlling BIND on your server, a shared secret key method is used to explicitly grant privileges to particular hosts. In order for rndc to issue commands to any named, even on a local machine, the keys used in /etc/named.conf and /etc/rndc.conf must match.
And it seems like I've been setting BIND up to use a seperate key/secret for zone transfers to the slaves.
So, I think the rndc secret needs to be there so that the local machine can speak to itself at the very least.
But it looks like maybe using the rndc secret may work for the secret in the slave as well. Haven't tried or tested yet though, it's heavy reading eh!