How much proprietary information could I be giving away

If I create, say, a collection in my free-tier team, that goes in to a public workspace, yes?

I know that I shouldn’t put API creds and the like in the collection itself, but rather I should use Environment Variables because they aren’t shared.

But what is being given away by a public workspace?

Say, for example, we were using Postman to test internal APIs. How much information could someone gain from examining the workspace? And, is there a registry of these public workspaces somewhere that allows people to just browse to see what they can find?

Hey @sejhemming , welcome to the community forum!

No, you need to explicitly set a workspace as public in your workspaces settings.
See: Public workspaces | Postman Learning Center