That’s a bit surprising, given DDG uses Bing, Bing is Microsoft and Microsoft owns Github.

Did you try the same search with Bing, or have an example to share?

Do you have standard Firefox with default options that does this? This has not been my experience.

You could try out with a new profile if it works out the same.

And did mentioning these things just make the message disappear on US-based lemmy-instances?

I don’t believe it did.

Perhaps many, but I have over 500 accounts in my password manager, yet none of have been leaked per the password exposure report (which I assume is based on the https://haveibeenpwned.com/ database).

So perhaps the problem is overblown in practice, assuming you don’t use the same password in many sites.

Realistically, how often does this happen?

Maybe find a solution when it happens.