This sounds like naivety to me. I would bet most people here have committed a secret, even if it was later caught in a code review. If this wasn’t a common issue, all those tools that scan repos for secrets wouldn’t exist.
I once put secrets on a wiki page because I copied log snippets and a third party library naively dumped HTTP headers into the logs without filtering out their own API key. I shouldn’t have assumed the logs were secret free, but it’s also not an unreasonable assumption.
I once put secrets on a wiki page because I copied log snippets and a third party library naively dumped HTTP headers into the logs without filtering out their own API key. I shouldn’t have assumed the logs were secret free, but it’s also not an unreasonable assumption.