It’s more about security practices before releasing a product. I’ve also been guilty of leaving open security holes or checking private keys into GitHub.