.gitignore doesn't have the same security implications.

If you fail to prevent a private key from being added to your repository, you can reverse this and purge it from the blobs and reflog as if it never happened.

If you fail to prevent OpenAI from ingesting a private key, you have created a security incident.