If everything else is secure, the other main concern is handling material
that should remain private, and not overwriting certain configuration
information (or including your database) in pushes and pulls to and from
public repos.
Much (all?) of this can be handled with a well-constructed .hgignore, but you
may want to look into moving some items into a ./private directory. Items
that require attention might include:
databases, auth_user
db.py
users, email addresses, settings and passwords
auth.settings.hmac_key (???)
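Janrain account information
Amazon accounts

.hgignore items to consider (these are glob patterns, so the file needs the
"syntax: glob" line; Mercurial's default pattern syntax is regexp):
syntax: glob
*~
db.py
.DS_Store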
*.pyc
*.pyo
*.bak
*.bak2
cache/*
private/*
uploads/*
databases/*
sessions/*
errors/*
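
An .hgignore entry only affects files that are not yet tracked, so anything under these paths that was committed earlier still goes out with a push. The following is an added example, not part of the original text: it checks a tracked-file listing (such as the output of `hg manifest`) against the private-data patterns from the list above. The matching is a simplified approximation of Mercurial's unrooted glob rules, and the app name "myapp" and the sample paths are constructed.

```python
import fnmatch

# Patterns from the list above that cover private data (editor/bytecode clutter left out).
PRIVATE_PATTERNS = ["db.py", "cache/*", "private/*", "uploads/*",
                    "databases/*", "sessions/*", "errors/*"]


def matches(path, pattern):
    """Simplified unrooted glob: the pattern may start at any path component,
    and matching a leading run of components covers everything beneath it."""
    parts = path.split("/")
    want = pattern.split("/")
    for start in range(len(parts) - len(want) + 1):
        window = parts[start:start + len(want)]
        if all(fnmatch.fnmatchcase(p, w) for p, w in zip(window, want)):
            return True
    return False


def tracked_private(tracked_paths, patterns=PRIVATE_PATTERNS):
    """Return (path, pattern) for each tracked file an ignore rule was meant to keep out."""
    hits = []
    for path in tracked_paths:
        for pattern in patterns:
            if matches(path, pattern):
                hits.append((path, pattern))
                break  # one finding per file is enough
    return hits


# Constructed sample of a tracked-file listing for a hypothetical app "myapp".
SAMPLE_TRACKED = [
    ".hgignore",
    "applications/myapp/controllers/default.py",
    "applications/myapp/models/db.py",
    "applications/myapp/models/menu.py",
    "applications/myapp/databases/storage.sqlite",
    "applications/myapp/private/janrain.key",
    "applications/myapp/sessions/127.0.0.1-1/abcd",
    "applications/myapp/static/cache.js",
]

if __name__ == "__main__":
    for path, pattern in tracked_private(SAMPLE_TRACKED):
        print(f"tracked despite ignore rule {pattern!r}: {path}")
```

Files reported this way stay in the repository until they are removed from tracking with `hg forget` and the change is committed, and earlier revisions still contain them.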