Allowing the *.pubxml files currently allows unencrypted database connection passwords to be stored in plain text. By default I don't think we should encourage people to store unencrypted passwords in repositories.
This relates to #674, #517, #775, & #837.
/cc @sayedihashimi, @niik, @steveoh, @Haacked, @ArturDorochowicz. I don't expect you all to agree with me but I am CCing you for the sake of transparency. Again I don't think passwords should be stored in repos by default.
ignore web deploy settings by default
web deploy settings include unencrypted passwords
fix typo, will squash commits later
Without knowing anything about *.pubxml files, it seems to me that you're right to make mention of it in the template since the reason it was removed initially was for security considerations. I'm reluctant to keep adding and removing this rule, but I think that adding the comment was a good idea, and ignoring it by default is probably sensible from a security perspective.
Since nobody else has weighed in with an opinion either way, I'm happy to go ahead with this. Thanks!