Thank you for the great article! :)
I'm glad that you explicitly pointed out not posting secrets! One thing I'd like to add is never even commit private keys/API keys/certificates/secrets, even if it is in a random local branch. If that commit is ever pushed to the remote repository on GitHub (even if the secret was deleted in future commits) a site crawler could find it in your commit log and start utilizing it.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.