I was notified about a security vulernability from an email and LinkedIn message that my files were available in cleartext from the .git folder on my site feather.greenrobot.com because I didn’t have an .htaccess file prohibiting it. As far as I know data wasn’t accessed, just my code including database credentials. feather.greenrobot.com currently has 3 users.
One way to do it is this line in .htaccess:RedirectMatch 404 /.git
Another way I do it is not putting the git repository in the public_html folder, but one level up not being served by Apache.
The same applies for .svn folders. I don’t know if svn is like git in that the clear text of the code is available inside it’s dot folder, but it’s best to prohibit it in the same way as git I think.