As a cybersecurity consultant, I've run into this a few times: a customer was using "git push" deployment and forgot to back up the .git folder on the server, leaving their source exposed. Turns out this is not uncommon!
Success story sharing