The developer didn't do something entirely stupid, he thought he was submitting to his private repository and, without GitHub's mistake, that's what would have happened and we would never have heard of it.
He apparently would not have included the keys if he intended to use a public repository.
To me this story is just another confirmation of "never put confidential data in the cloud". Ever. Under no circumstance.