You can clone with
HTTPS or Subversion.
It makes these credentials public...
Fixed, thanks for pointing out!
For those of you with existing apps, make sure you update your Watchfile:
Thanks for your quick fix ;)
Should make this more bullet proof, in case the Watchfile is changed or anything strange happens where those files are put in public. Maybe a regex or warning before git commit if there is a file in public matching a pattern. Or add to gitignore... Will keep in mind.
Or just make them JSON files?