Can happen to anyone. Makes me wonder if GitHub could do some work to prevent the most common patterns for credentials being exposed.
I'm not sure what would be the best way to that. Perhaps just reject the push with a descriptive error message but editing your git history to remove offending file/data can be pretty messy.
I have a vague recollection that they already do this? I seem to recall someone telling me if you commit AWS credentials to github it gives you a warning...
If Github started automatically blocking things like this, then the problem would be how to allow legit dot files and the like (e.g. you are intentionally including dummy dot files as a "quick start" project template of some kind)?