by antics 5212 days ago
Before we all grab our pitchforks, I have just gone through the entire first page of results and a huge majority of them were explicitly noted as test applications. Sometimes you can see this in the names:

    test / rails_app_v3 /
    test_app / config
In many other instances, things are not as they seem. For example, some of these results come from commits where the author is moving the token to an environment variable. For example: https://github.com/cimm/blathy/blob/2d3a9550d3a0be55db8e26a2...

I certainly agree that we should all be security conscious, but I'm also a fan of keeping perspective. Things are bad, but let's keep the truth in mind too.

1 comment

Also, for the ones that were not test apps, they may be the testing/development secret keys which are different from the production secret keys. I do this myself, where the hash salt and API keys for my local development server are different from those I use on my production server.