What to do... well, first thing is: change the password and if I can, the username. Immediately. Done.
Second thing: purge the repo of the offending file.
git filter-branch --index-filter 'git rm --cached --ignore-unmatch MyBadPasswordFile.cfg' --prune-empty --tag-name-filter cat -- --all
That will rewrite all my commits, but at this point I just don't care. If I did I might leave the file up, since the login information is no longer valid anyway.
Typically I'd also throw in a line in .gitignore, to prevent the file from being seen again.
