Any Toolforge user can log in to tools-puppetmaster-02 and read any file located under /var/lib/git/labs/private, including files modified in local commits containing Toolforge secrets (obviously I didn't look at the contents of any actual secret files, but I did look at the list of affected files using git log --name-only --pretty=oneline, and using ls -a shows that they are world readable).
There might be similar security vulns on other "internal" Toolforge nodes that can be accessed by any Toolforge user or on other shared projects.