@kinopee What will happen is that this will be send to OpenAI (or whatever):
my_secret=123
***DO NOT READ!**
...
Just because the AI says it is not allowed to read it, does not mean that the file is not already being sent.
I find the handling of .env an absolute deal breaker:
Related. Cursorignore etc do nothing for me: CRITICAL .env files are ingested and send to servers - Security Breach