There is a need to conduct proper due diligence on your web properties. You need to have proper controls in place like a web application firewall (Full disclosure, I do work for Akamai in my day job) and ensure that youre reviewing your code before pushing it to production. There were some funny examples but, none that was better than DB_password=secret I couldnt help but to giggle. These are all preventable problems with the right amount of forethought.”]
Source: https://www.csoonline.com/article/3030250/when-your-environment-variables-are-showing.html