Security by obscurity doesn't work.
If uploading the source code to GitHub reveals security issues you already had security issues. Hiding them by hiding your source code does very, very little to improve your security.
You may even receive bug reports and / or fixes, making your code more secure, not less. (Unless your site is high-profile, I wouldn't expect this, but it's possible.)
Of course, as you have already mentioned, your database credentials etc. should not be included in your repository.