And here we go, my new blog article is out:
"Atom plugin "gitlab-integration" leaks your tokens"
TL;DR: When you use the Atom plugin gitlab-integration you should either patch it with the mentioned workaround in the article or stop using it. Definitely you should revoke the personal access token you were using with it.
Things get even better. So I opened a public GitHub issue in order to make sure people are informed and the developer might be even more motivated to fix it. Seems like the opposite is the case:
I'll give it another try to convince him, but if not… 🤷 Can't help people who don't want to be helped.
Looks like things worked out:
Sometimes it just needs a second hint :)