just got paged because some genius hardcoded their api key in a public repo... now we're dealing with a full-on security incident