I was poking around in /data/project/ just now, looking for examples of how other tools
set up their django apps. I was surprised (well, only a little) to discover that
there's a few world-readable app.py files that have their django_secrets embedded in
them.
That's not a good idea folks. Secrets should not be stored anyplace that's
world-readable.