There are two aspects to this question.

First: yes, GitHub Copilot (free version) is likely to use your source code for multiple purposes, such as model training. But in the first place, it will send your code snippets out to analyze outside your machine, which by itself is already a security breach, if you work under client NDA.
Second: secrets (like usernames, passwords), should not be part of the source code - a general good practice, which will not prevent you from all trouble but will often minimize risk. In the particular case of working with copilots, this practice gains importance.
Here's more on both topics: https://medium.com/@pp_85623/github-copilot-for-private-code-think-twice-079c5b5a0954