If we are considering improvements, I would prioritize files differently. All .dotfiles in $HOME under the 100k threshold (which feels way too large to get generically useful secrets), but then I would try to be XDG compliant, so walk everything under .config/ looking for files under ~1kb (more likely to just hold credentials). Could be more targeted and look for specific shell folders (eg .config/fish) where aliases and other annoying to type data might live.
