I dunno. For one thing, those companies are paying GitHub a lot of money for the enterprise version, separately hosted (right?). The data isn't actually available to Microsoft employees or LLMs, absent some security flaw or backdoor. For another, companies that pay for this also (sample size is small, though) have automation that scans GitHub repos, issues, etc for any secrets and require them to be removed and scrubbed from history, implying that they don't trust even the self-hosted GitHub Enterprise as much as you do.
I see secrets as a different issue. Putting those in an issue or repo exposes them to potentially hundreds of people within your own company, that's bad practice.
