This is just common sense, really. You should not be storing any information in a publiclly accessable web directory you do not want being seen.
If you don’t store this stuff in a directory that is accessable from the web, Google code search becomes a moot point.
Given that many Joomla! users have precious little understanding of how webserving actually works (I mean, that is (at least a small) part of the whole point with such CMS systems), it is probably good that the Joomla enthusiasts warn of this, but the warning should really not be necessary as such things sholdn’t be stored in such a way in any event.
Goodle code search does not reveal anything that couldn’t be revealed without it’s use - it just makes it easier
Rules to follow:
Don’t place it in a web accessable directory if you don’t want it to be reachable from the web.
make sure there is an index.html (or other page served by default) in every web accessable directory whose contents you don’t want browsed.
Use Apache authentication (.htaccess), or other protection mechanism, if you want to restrict public, or robot, access to a web accessable directory.
THere are myriad of other things you can consider, such as the use of robots.txt, other .htaccess restrictions, re-write rules, etc. - but the three above are the one you really need.