[meepmorp]

I've seen passwords and other sensitive config data committed to public repos in GitHub. I wouldn't even be slightly surprised by people keeping sensitive IP or trade secrets there, on the assumption that if it's a private repo, it must be safe.

[josegonzalez]

To clarify for others who might not see this: Where do you think sensitive data - private keys, passwords, etc. - should be kept? For instance, when setting up infrastructure for a company, how would you desire that data be shared across users?

Once might have the same reservations about something like Heroku - or really any cloud provider - given that at some point, you are pushing code to a server that is owned by another company whose security you cannot audit.

[damon_c]

If you use ansible, there is a great feature called ansible-vault that allows you to store all those sensitive bits right in the repo but encrypted and automatically readable by ansible when needed.

[walterbell]

Darwin might have a few thoughts about the long-term economic uniqueness of such companies in a world of "fast followers".