there's many ways an idiot can shoot himself in the foot. i'm however not sure if adding half-assed workarounds like the aforementioned .htaccess idea (you ever heard of anything other than apache, op?) to try to stop them from doing so is our job.
the fossbytes writer guy has a point in that a vast majority of "web developers" are drooling retards. you don't even need to engage in srs hackery like git-cloning some shit site, they make it easy for you by keeping their ec2 credentials
and database passwords and stuff right on fucking github.
also, config.php in tt-rss is mentioned in .gitignore. if someone force-adds it to the repo and gets their shit stolen they aren't going to receive any sympathy from me.