For at least a week, cloning a public repo made upstream environmental variables accessible
From at least September 3 through September 10, public open-source code repositories that used Travis CI exposed their sensitive keys, credentials, and tokens to potential theft.…
Source:: TheRegister