No, you can't personally go replicate the steps the author performed to retrieve the Vine source code on your own today, but that's the nature of responsible disclosure. Vine was responsive to the vulnerability report and closed that leak, which enabled the author to create this writeup of what happened.
Multiple major security flaws:
1. Company source code should only be published to private docker images.
2. You should never store API keys or passwords inside the source code. A better approach is to use environment variables and have the container read those.
A better way is to store them in a config file and store them in global variables at the start of the server (while globals are normally bad, it is ok to use them for things like configs if you don't plan to change them after initialization. Environment vars are globals after all).
I don't think using config files is a bad solution, it just isn't categorically better because some programs have been written to dump env vars on a crash.
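The trade-off discussed in the comments above (environment variables versus a config file, and environment dumps on a crash), as an added example that is not part of the thread or any commenter's code. The names `load_secret`, `Secret`, `API_KEY` and `DB_PASSWORD` are hypothetical, and the `_FILE` suffix is an assumption modeled on a convention some container images use for file-mounted secrets.

```python
import os
import tempfile
from pathlib import Path


class Secret:
    """Holds a secret so logs and tracebacks that print it show no value."""

    def __init__(self, value: str):
        self._value = value

    def reveal(self) -> str:
        return self._value

    def __repr__(self) -> str:
        return "Secret(***)"

    __str__ = __repr__


def load_secret(name: str, environ=os.environ) -> Secret:
    """Read NAME_FILE (path to a mounted file) if set, otherwise NAME.

    NAME is removed from `environ` afterwards, so code that dumps the
    environment on a crash later in the process has no value to print.
    """
    path = environ.get(name + "_FILE")
    if path:
        value = Path(path).read_text().strip()
    else:
        value = environ.get(name, "")
    environ.pop(name, None)
    if not value:
        raise RuntimeError(f"required secret {name} is not set")
    return Secret(value)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    env = {"API_KEY": "constructed-key-123", "PATH": "/usr/bin"}
    key = load_secret("API_KEY", env)
    print(key, sorted(env))

    with tempfile.NamedTemporaryFile("w", suffix=".secret", delete=False) as f:
        f.write("constructed-db-password\n")
    env = {"DB_PASSWORD_FILE": f.name}
    print(load_secret("DB_PASSWORD", env).reveal())
    os.unlink(f.name)
```

Removing the variable only protects against dumps made later from inside the process: a value passed through the environment at container start remains visible via `docker inspect` and `/proc/<pid>/environ`, which the file-mounted path avoids.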
EDIT: Rationale: The title of this thread reflects verbatim the title of the link, but I still think a more informative (less misleading) title should be considered since this is HN and at least 50% of the people who see this will think they can get source.
Some years back it was people uploading their entire .git folder and accidentally hosting it online because they didn't understand how Git worked. Now it's people accidentally hosting their docker images containing all their code publicly.
With each wave of technology it's necessary to have devops people whose dedicated job is to understand how to set things up securely, and handle setting things up for engineers to use. Otherwise engineers will make mistakes through ignorance or just rushing to solve a problem without doing all the research. This doesn't mean that engineers can't be responsible for helping set things up or that they are free from responsibility to understand what they are doing, but a dedicated devops team serves as a protection to safeguard against issues like this.