Seems the steampipes sprung a bit of a leak recently, as it's been confirmed that both Counter-Strike: Global Offensive and Team Fortress 2 had their source code put up online.
The popular but unofficial website SteamDB confirmed it on Twitter, with Valve following up from the CS:GO Twitter account later to also confirm it. There seemed to be some panic, with a claim of an exploit out in the wild although that doesn't appear to be true. Valve said:
"We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds."
"As always, playing on the official servers is recommended for greatest security."
"We will continue to investigate the situation and will update news outlets and players if we find anything to prove otherwise. In the meantime, if anyone has more information about the leak, the Valve security page (next tweet)* describes how best to report that information." *Valve Security Info
From additional info sent out from Valve, they did also confirm in these emails that the leak contained TF2 code too. Update: Valve also now confirmed the TF2 leak on the official Twitter.
Not a situation any game developer wants to be in, while nothing may have come out of it just yet that's not to say it won't cause issues later as more people seek to get a copy of it. That's part of why Valve has a Bug Bounty program, where they pay people who find valid issues.