Thanks for the response Sean, and for clarifying that admins do still see the home directory of other users. Is this the main reason that storing credentials in the home directory is not advisable, or are there other ways in which people can see a file in my home dir?
My use case is: I have a shiny app that makes an API call that requires an authenticated API key. I usually place my code on github and gitignore the key file, so that way my code is available for others to replicate. I also host the app on my shiny server or shinyappsio sp others can see a working version of the code, and that app does use my real API key, and that's ok because users can't see my key. I thought rstudio cloud is a great one stop shop for both sharing your code AND showcasing the demo but I don't see how I can use it with my app.
I got this idea from seeing that the Shiny contest requires participants to share their code on rstudio cloud so others can copy the project. How would somebody enter the shiny contest and host on rstudio cloud if their app has any type of credentials file?