I agree with you, but I can't imagine a use case for a secret that's not secret.

I believe Vagrant uses (or previously used) an insecure, public keypair[0] to keep things simple.

Aside from things like that, I can't see it being a _common_ use case.

[0]: https://github.com/mitchellh/vagrant/tree/master/keys

They could be pointing to an environment variable or a number of things. I'm not sure if there's a good way for Github to deal with things like that without affecting at least some users.

edit:..I guess they could just validate that it's a key.

There probably aren't many, howto and examples come to mind.

Certificates are not secrets.