Every developer should know that it is a bad practice to host the GIT folder on your site. Even though it is a hidden folder and Apache by default don't list the contents of it, hackers can easily steal data from it.
Still it might happen that due to a lazy upload the GIT folder came along with the uploaded files.
One of our fellow white hat hackers made me aware of this (thanks securetheplanet.army)!
To prevent any data leaks I adjusted the Apache configuration so that it will not serve files inside the .git folders.
Steps to prevent Apache from serving GIT folder:
In the bottom add:
# Block GIT access RedirectMatch 404 /\.git