Okay, so it's possible someone might accidentally publish their passwords with an unwise git commit, but has anyone actually done this? Can anyone point to a real life example?
Yes! There are tons of accidentally-uploaded profiles on github, for instance. Search for the readme string and you'll see a number of very dangerous commits.