The most important thing to remember about GitHub
Never, ever, allow passwords to be pushed to GitHub.
If you write anything with passwords in it, remember to strip them out before committing or pushing. It is best to put passwords in a separate file, and make .gitignore factor it out of the repo altogether, or, better still, put them in a directory outside the repo.
When GitHub first added search to its site, thousands of passwords and encyrption keys were found. Bear in mind that some of these included passwords for pay-by-minute services like Amazon Cloud and you see what an expensive issue this was for some people (and again...) (and, again...). People have code doing regular sweeps of GitHub for passwords and security keys. And we don't mean friendly people warning you when you've done it.
If you do put a password or other security information out there, scrub the file and its history immediately and change the password on the associated site. Instructions of how to do this are detailed on these help pages. Remember that this includes backup files containing passwords, and any security backups your software may make.