I have pm-ed someone on this matter… but basically the fix is just a matter of rewording:-
‘We cannot find the public repo (note that you have not logged in). If you are accessing a private repo, then please login first’.
So this way, if a user want to brute force to check if the repo exist, he/she has no idea whether the brute force actually result in something. So security-wise, it is still good.