Two simple ways, which are common sense...
1. Don't store credentials alongside code, ever. Change the code so that it picks up the credentials elsewhere, outside of what you commit to public (or any) repositories.
That's best practice, if not common sense.
Failing that, at least learn the ropes...
2. Use .gitignore to avoid pushing sensitive files.
Blaming it on the used framework is lame. But hey, everybody with little to no clue can call themselves "developer" these days and share the result of that for free with world and dog.
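A sketch of point 1, added here as an example and not part of the original comment: the code takes a credential from the environment, or from a file that must sit outside the repository and be readable only by its owner. The names `load_secret`, `API_KEY` and `API_KEY_FILE` are hypothetical, and POSIX file permissions are assumed.

```python
import os
import stat
from pathlib import Path


class CredentialError(RuntimeError):
    """Raised when a credential is missing or stored somewhere unsafe."""


def find_repo_root(start):
    """Return the nearest ancestor directory containing .git, or None."""
    start = Path(start).resolve()
    for directory in (start, *start.parents):
        if (directory / ".git").exists():
            return directory
    return None


def load_secret(name, code_dir, env=os.environ):
    """Return secret `name` from the environment, else from the file named by
    <name>_FILE (hypothetical convention), refusing unsafe file locations."""
    if env.get(name):
        return env[name]
    file_var = env.get(name + "_FILE")
    if not file_var:
        raise CredentialError(f"{name} is not set and {name}_FILE is not given")
    path = Path(file_var).resolve()
    repo = find_repo_root(code_dir)
    # A secret file inside the working tree is one `git add .` away from a push.
    if repo is not None and repo in path.parents:
        raise CredentialError(f"{path} is inside the repository {repo}")
    # Refuse files that group or other users can access (POSIX mode bits).
    if path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise CredentialError(f"{path} is accessible by group or others")
    return path.read_text().strip()
```
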