• poVoq@slrpnk.net
    4 days ago

    They can impersonate you and push code into the repos in your name with a high likelihood of you not noticing it.

    The typical hobby dev machine isn’t particularly secure and for sure less secure than the typical server. Accessing everything from there with a single key is a pretty gaping security hole IMHO.

    There seems to be this common misconception that ssh keys are more secure than passwords, but that is only true when you use really weak passwords that you keep in your head instead of a password manager.

    If you want to actually increase your security then you need to set up a second factor auth with a separate device.