Each version of Pressflow is API-compatible with the same major Drupal version. For example, Pressflow 6 is compatible with all Drupal 6 modules. Pressflow 6 also integrates the SimpleTest system from Drupal 7 and the CDN support patch.
Starting with version 7 Drupal denies access to "hidden" directories and files whose names begin with a period. If there is a .git directory (in the document-root) it might get exposed to prying eyes. This is nothing new as you may find in the article Don't publicly expose .git or how we downloaded your website's sourcecode - An analysis of Alexa's 1M from 2015, but it might be still happening if the web-developer isn't aware of that it wasn't fixed for Drupal 6.
Starting with version 7 Drupal denies access to "hidden" directories and files whose names begin with a period. If there is a .git directory (in the document-root) it might get exposed to prying eyes. This is nothing new as you may find in the article Don't publicly expose .git or how we downloaded your website's sourcecode - An analysis of Alexa's 1M from 2015, but it might be still happening if the web-developer isn't aware of that it wasn't fixed for Drupal 6.