I have been working through Security Journey training for the last couple of weeks, and one of the lessons I had this week was about securing your code, including the decision regarding what parts of it can be kept in public repositories. The lesson is essentially advising not to make the code public, because knowledge of the code can be exploited if there is a vulnerability there, and because others can replicate the code, too. While these are absolutely valid risks, that’s not something I will do.
https://www.simbiat.dev/talks/threads/440