If you post your source code to github you know it will be public, and might remember to remove passwords from debug code etc., however if you expect it to be private, while it's not, you might be lazy and store passwords in plaintext in the code. A horrible thought for a programmer, yes, but human beings are lazy.