The only security incident I've had in my career was due to Git Butler - it committed temporary files into GitHub without me explicitly approving it! Of course, it was a private repository, but still, it became impossible to delete those secrets because there were plenty of commits afterward. Given the large file tree and many updated files in the commit, it wasn't apparent that those folders got sneaked into the commit.
So, I really hope security incidents don't come after Git!
Just a reminder that even if you managed to amend those commits and force-push, the commits would still exist and will be addressable given the hash is known.
I am fully aware of that. Rewriting commits of code already pushed to production with container images, etc., is just crazy. And GitHub charges an arm and a leg for Advanced Security. And it ignored my pre-commit Git hooks, which include GitLeaks.
So, I really hope security incidents don't come after Git!