Security: keep the Rails secret token out of version control.
Created by: smashwilson
This patch stores the secret token in a .gitignored file called ".secret", which is
created by the initializer if it doesn't exist. This keeps the Rails session token out of version control and deals with a security vulnerability.
For reference:
http://blog.phusion.nl/2013/01/04/securing-the-rails-session-secret/
http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults/ (Item 3)