Hmm. If you alter the search to "filename:wp-config.php FTP_PASS" you start getting some that look like ... legit. For those who don't know, WordPress has some level of access to hosting server via FTP, for upgrades and plugin installs.

Pertinent config globals are FTP_BASE, FTP_CONTENT_DIR, FTP_PLUGIN_DIR, FTP_PUBKEY, FTP_PRIKEY, and of course, FTP_USER, FTP_PASS, FTP_HOST.

In a similar vein, things like this https://github.com/search?utf8=%E2%9C%93&q=filename%3Aid_rsa... are also why passwording your private keys is very important. Tons of these keys (why are people committing these to public repositories??) aren't passworded. It astounds me that someone has the technical knowledge to create an ssh key/pair, commit to github, and manage to send their unencrypted private key off into the public sphere.