Attackers don't just guess your passwords. They scrape GitHub repositories and...

https://wiki-aero.win/index.php/What_is_Search_Exposure%3F_Understanding_Your_Public-Facing_Vulnerability

Attackers don't just guess your passwords. They scrape GitHub repositories and LinkedIn profiles to build perfect profiles of your infrastructure. When you leave SSH configs or API keys exposed in public repos, you hand hackers the keys to your kingdom