A devastating supply chain attack on Codecov exposed secrets in thousands of projects, revealing critical vulnerabilities in how we trust third-party tools in our development lifecycle.