You can check here: Secrets and Credentials
There is no AI model that run locally, it’s all on openai or if it’s their own model (like for copilot++) on their own servers. With privacy mode they don’t store the prompt, but it doesn’t mean it doesn’t reach their servers to be processed.
That’s one reason people would like some of those model to run locally.
I also understand and share that concern as well. But putting secret in a code base is bad practice anyway, .env is good for local dev, but I would not use that for production.