Comment by Arubis

If I had a dollar for each secret I’ve committed to a public repo, I could probably buy a couple of sandwiches. I’m not smarter and my opsec probably isn’t any better than most old devs, but I also don’t have a treasure trove of government secrets on disk and—crucially!—_I would make different decisions if did_.

The nuance here: when I’ve slipped and committed secrets, it’s typically a relative nothing burger: most common case is API keys to some third-party service. I’ve worked across a bunch of regulated industries and, within those, not caused a breach—because being in that space you know to be more careful, and because the companies in those spaces (wisely!) tend to support good security practices, more so than the industry average.