The article is really not clear. Is it saying if a project is forked, then the original is made private, the fork can access data from the private fork?
"potentially enabling malicious actors to access sensitive information such as API keys and secrets even after users think they’ve deleted it."
Is this saying people misunderstand git and think committing a deletion makes people unable to access the previous version? Or is it saying the sharing between public and private repos can expose keys in private repos?
If you accidentally commit an API key into a public repository... you need to roll that key. Even if it was deleted completely, someone still could have accessed it while it was there.