If everything else is secure, and so on and so forth, the other main concern is handling stuff that should remain private, and not overwriting (or including your database) certain configuration information in pushes and pulls to and from public repos.
Much (all?) of this can be handled with a well-constructed .hgignore, but you may want to look into moving some items into a ./private directory.

Items that require attention might include:

- databases, auth_user
- db.py users, email addresses, settings and passwords
- auth.settings.hmac_key (???)
- janrain account information
- amazon accounts

.hgignore items to consider:

    *~
    db.py
    *.DS_STORE
    *.pyc
    *.pyo
    *.bak
    *.bak2
    cache/*
    private/*
    uploads/*
    databases/*
    sessions/*
    errors/*
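
An added example, not part of the original post: .hgignore only applies to untracked files, so anything committed before the patterns were added keeps going out with every push. The sketch below approximates Mercurial's glob matching to flag tracked paths that match the patterns listed above; the function names are hypothetical and the sample paths are constructed, standing in for `hg files` output.

```python
import re

# Patterns from the list above. They are globs, so the .hgignore file needs
# a "syntax: glob" line (Mercurial's default pattern syntax is regexp).
PATTERNS = ["*~", "db.py", "*.DS_STORE", "*.pyc", "*.pyo", "*.bak", "*.bak2",
            "cache/*", "private/*", "uploads/*", "databases/*",
            "sessions/*", "errors/*"]


def glob_to_regex(pattern):
    """Approximate an unrooted Mercurial glob: '*' and '?' stay inside one
    path component, and a match on a directory covers everything below it."""
    body = "".join(
        "[^/]*" if c == "*" else "[^/]" if c == "?" else re.escape(c)
        for c in pattern
    )
    return re.compile(r"(?:^|/)" + body + r"(?:/|$)")


def tracked_but_ignored(tracked_paths, patterns=PATTERNS):
    """Return {path: first matching pattern} for tracked files that the
    ignore list was meant to keep out of the repository."""
    compiled = [(p, glob_to_regex(p)) for p in patterns]
    hits = {}
    for path in tracked_paths:
        for pat, rx in compiled:
            if rx.search(path):
                hits[path] = pat
                break
    return hits


# Constructed sample of tracked paths (what `hg files` would list).
SAMPLE_TRACKED = [
    "controllers/default.py",
    "models/db.py",
    "models/menu.py",
    "databases/storage.sqlite",
    "sessions/127.0.0.1-abc",
    "private/janrain.key",
    "views/default/index.html",
    "modules/util.pyc",
]

if __name__ == "__main__":
    for path, pat in tracked_but_ignored(SAMPLE_TRACKED).items():
        print(f"tracked despite ignore pattern {pat!r}: {path}")
```

Each path it reports can be taken out of tracking with `hg forget` while leaving the working copy file in place; earlier revisions still contain the file, so any secret it held should be rotated.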