Idiots commit private data to public repositories. Film at 11.
I don't think this is in any way the fault of GitHub, or a bug. Simply put, you shouldn't be committing anything to a git repo that you didn't want in the repo. Doubly so if it is a public repo. A database full of your auth cookies might be a juicy target, but the same could equally well be said about the fools who commit their AWS keys to public repos, or database connection strings containing credentials, or anything else private and/or sensitive because they don't understand the concepts of user secrets and .gitignore files.
In short, it's not GitHub's job to fix stupid. You'll find a linear solution to the travelling salesman problem first.