Layered security

The unfortunate happened to me a few days back. While pushing a project onto a GitHub public repo, I had forgotten to replace my MySQL password with a dummy one. So, it was out there in the open for almost 1 entire day before I noticed it.

Fortunately for me though, I had an additional layer of security implemented. My phpMyAdmin page was protected by HTTP basic auth, so attackers could not access it without a second password. Yes, I know basic auth is relatively insecure, but I reasoned that it would be acceptable as a 2nd layer of security. Furthermore, I make sure that connections are over SSL to reduce the risks of compromise.

Layered security has paid off this time round. Now to figure out how to protect my SSH logins with a second layer for added security.