
AbanoubRodolf, today at 6:08 AM (0 replies)

The security implication of this shift is underappreciated. A repo that was never meant to be shared was also never security-reviewed. Personal tools built fast tend to have hardcoded API keys, credentials committed during a "just get it working" phase, and file system access patterns that weren't meant to be public.

The 50B lines across those low-star repos isn't just an interesting metric about usage patterns. It's a significant amount of unreviewed code sitting in public repositories. Stars were never a quality signal, but they were at least a proxy for "someone other than the author looked at this." That selection effect disappears entirely when the build cost drops to near zero.
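A pre-publish check for the hardcoded-key problem the comment describes, as an added example that is not from the comment or from any project it mentions: a small Python scanner run over constructed sample text, matching a known key prefix (AWS access key IDs) and flagging long, high-entropy values assigned to secret-looking names. The 3.5 bits-per-character cutoff is an assumed hand-tuned threshold, not a standard.

```python
"""Pre-publish secret scan: flags credential-shaped strings in source text."""
import math
import re
from collections import Counter

# Known-prefix formats plus a catch-all for long values assigned to a secret-like name.
KNOWN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
ASSIGNMENT = re.compile(
    r"(?i)\b(?P<name>[a-z_]*(?:key|secret|token|password)[a-z_]*)"
    r"\s*[=:]\s*['\"](?P<value>[^'\"]{20,})['\"]"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed hand-tuned cutoff, not a standard


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character; random keys score high, words score low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(text: str, path: str = "<stdin>") -> list[dict]:
    """Return one finding per credential-shaped string, with line number and kind."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pat in KNOWN_PATTERNS.items():
            for m in pat.finditer(line):
                findings.append({"path": path, "line": lineno, "kind": kind, "match": m.group(0)})
        for m in ASSIGNMENT.finditer(line):
            value = m.group("value")
            if any(p.search(value) for p in KNOWN_PATTERNS.values()):
                continue  # already reported under its known format
            if shannon_entropy(value) >= ENTROPY_THRESHOLD:
                kind = "high_entropy_" + m.group("name").lower()
                findings.append({"path": path, "line": lineno, "kind": kind, "match": value})
    return findings


# Constructed sample mimicking a "just get it working" script; every value is fake.
SAMPLE = '''\
import requests
AWS_KEY = "AKIAEXAMPLEEXAMPLE01"          # flagged: AWS access key ID format
api_token = "k8Fq2mZx9LpR4tVw7NyB1cHs"   # flagged: high-entropy secret assignment
db_password = "changemechangemechangeme"  # not flagged: long but low entropy
LOG_DIR = "/home/me/tool/logs"
'''

if __name__ == "__main__":
    for f in scan_text(SAMPLE, "tool.py"):
        print(f"{f['path']}:{f['line']}: {f['kind']} -> {f['match']}")
```

Running the scan over the working tree alone misses keys that were committed and later deleted, so a real check should also walk git history.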