user passwords are stored in *.user files so it is only database connection strings that are not protected.
@@ -125,8 +125,8 @@ publish/
# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
-# TODO: Comment the next line if you want to checkin your
-# web deploy settings but any saved passwords will be unencrypted
+# TODO: Comment the next line if you want to checkin your web deploy settings
+# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
# NuGet Packages
Ben Bodenmiller