Sharing Workflow Templates with Secrets

In our organization, we have created a public repository called .github. I am following the link. In .github repository, I have created a workflow-templates directory and have added the .yml and .json files. But in my yml file, I have steps which require some secrets. These secrets are defined at the organization level, but are restricted to Internal/Private repository access. Since .github repository is public, anyone can view these secrets. I want to be absolutely sure that no one can misuse these secrets. I believe, no one can and it is absolutely fine including them like ${{ secrets.MY_ORG_LEVEL_SECRET }}. Experts, please confirm.

Why do you think that secrets can be viewed by everybody? Even in public repos, they are still secrets that cannot be viewed arbitrarily. It would require write access for a repo under that org in order to modify a workflow so that it leaks the secret, or a malicious action that does that, or an explicit checkout of the head branch in combination with pull_request_target: