The rate of creation is like meh, but being able to enumerate all of the repos might be problematic, following new repos and scanning them for leaked credentials could be a negative... but github may have a feed of new repos anyway?
Also, having a sequence implies at least a global lock on that sequence during repo creation. Repo creation could otherwise be a scoped lock. OTOH, it's not necessarily handled that way --- they could hand out ranges of sequences to different servers/regions and the repo id may not be actually sequential.
Email, bleh, I'm sure I'm not the only one who basically /dev/null's emails from github about pearl-clutching "security" but I wanted to point out that for quite a few providers they actually have an integration to revoke them if found in a public repo, which I think is way more handy
You can turn those GitHub security warnings off if you don't want them.
>quite a few providers they actually have an integration to revoke them if found in a public repo, which I think is way more handy
Yes I've also gotten an email from Amazon saying they revoked a key someone inadvertently leaked (but so long ago I only remember that it happened). I read my AWS emails at least.
Also, having a sequence implies at least a global lock on that sequence during repo creation. Repo creation could otherwise be a scoped lock. OTOH, it's not necessarily handled that way --- they could hand out ranges of sequences to different servers/regions and the repo id may not be actually sequential.