I doubt this "saved passwords" is the issue, but people choosing guessable passwords. Especially with the bit-coin attacks on the Github CI sandboxes, thee attackers don't care about the repo that much but they want access to the X% of github accounts that use a top 100 or top 1000 password, so they can get in and start mining.