This morning I opened my inbox to find an alert from GitGuardian about a leaked key. My first thought: Great, another phishing email. Nearly deleted it on the spot. Then I realized yesterday when I was using Cursor to bulk-update my scripts, I d left the API key in plain text
