I had the same issue about .env files here - Cursor reading .env files. And it is still doing that
Environment files like .env and .env.local contain sensitive information such as API keys and database credentials. Allowing AI tools to access these files by default poses significant security risks, including potential unauthorized access and credential leakage. To mitigate these risks, it’s essential that Cursor’s default settings prevent AI from reading such files. Relying solely on users to configure .cursorignore files isn’t sufficient, as this approach can lead to accidental exposure of confidential data. Implementing a default block on access to these credential files aligns with security best practices and enhances overall trust in the platform.