CISA -- the federal agency whose job it is to protect America's critical infrastructure -- had its own internal credentials sitting in a public GitHub repository for six months. Plain text passwords. AWS GovCloud keys. SSH access tokens. Visible to anyone on the internet with a browser.What makes this worse: the contractor who created the repository didn't slip up accidentally. They actively disabled the default GitHub protections designed to prevent exactly this from happening.