Travis CI quietly fixed a bug that exposed secret keys

For at least a week, cloning a public repo made upstream environmental variables accessible

From at least September 3 through September 10, public open-source code repositories that used Travis CI exposed their sensitive keys, credentials, and tokens to potential theft.…

from The Register