[evansolomon]

> It won't be 100% but I bet the bots aren't 100% either

Bots having tons of false positives doesn't really matter (except to the bot maker, maybe). But GitHub having tons of false positives means customers get annoyed by false alerts, locked data, whatever.

[freeall]

I don't think people will be upset to get an "WARNING: You might have committed a secret" if it's a negative.

You might be right if it really is a ton, but then you work on your algorithm. I think the problem is so big that there really do need to be warnings for these kind of issues.

[smsm42]

Removing such suspicious actions from public /events API and other APIs would probably have minimal effect but have the bots that feed from those not see it. Just one of the possibilities :)