Well, off the top of my head, mod_security has rules that scan outgoing data for password or code leakage.

A deployment strategy that requires testing that pages show what you expect them to show would also likely catch it.