This is the biggest concern I've with Cursor. In fact, even though I use Cursor often, I won't use it on any repository with secrets or personal information. (Based on this news, I'm happy I went that route.)
If the Cursor team is reading, I'd recommend that you give real-time visibility into exactly what's indexed and uploaded and have more rigorous testing and documented guarantees around .cursorignore. That would go a long way toward making people like myself feel better about the product.
If the Cursor team is reading, I'd recommend that you give real-time visibility into exactly what's indexed and uploaded and have more rigorous testing and documented guarantees around .cursorignore. That would go a long way toward making people like myself feel better about the product.