With the Coinos account I straight up uploaded the nsec to GitHub by accident. With this personal one I'm pretty sure it's because I had it loaded into a Coinos account with a weak password on it that an attacker was able to brute force to decrypt it. We don't store encrypted nsecs anymore since adding support for remote signers so no one else should have this issue, it was just in one of my old accounts.