I've thought about even taking this further: Adding a domain to secret. e.g. secret:example.com:abc

Then example.com could host a /.well-known/secrets.json which would include information on how to automatically report and/or revoke a leaked secret.