Outside of checking id_rsa into your Git repo or emailing it (which would be equivalent to doing so with passwords.txt), SSH (and thus Git) protects you from leaving id_rsa with open permissions. Though it may not be obvious that id_rsa is something to protect (though again, I don't go emailing random files I don't understand either).
That having been said, I'm certainly not a security expert. Are there other common things to look out for to ensure my private key(s) are safe?
Do I understand right that id_rsa is an equivalent of password.txt in that you have big problems if someone gets it? In this case I really worry about its being stored in the open in some /users/AppData and not on some TrueCrypt drive that is not mounted by default.
This is why you protect it with a passphrase, which SSH asks you to do by default. Choose a good passphrase, it's encrypted on disk, and decrypted only as needed.
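An added example, not part of any comment in this thread: a small audit that checks the two protections discussed above, file permissions and a passphrase, for a private key file. It assumes a POSIX system (mode bits mean little on Windows), and `is_encrypted`, `audit_key` and `sample_openssh_key` are names made up for this sketch; the sample key is a constructed header-only blob with no real key material.

```python
import base64, os, stat, struct, tempfile

MAGIC = b"openssh-key-v1\0"  # start of a decoded new-format OpenSSH key blob

def is_encrypted(pem_text):
    """True/False if the key is passphrase-protected, None if unrecognised."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        return None
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return None
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return None
        # The first length-prefixed string after the magic is the cipher name.
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] != b"none"
    # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])

def audit_key(path):
    """Return a list of findings for one private key file (empty list = OK)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o} lets group/other access the key")
    with open(path, encoding="ascii", errors="replace") as fh:
        enc = is_encrypted(fh.read())
    if enc is False:
        findings.append("no passphrase: key is stored in plaintext")
    elif enc is None:
        findings.append("not a recognised private key format")
    return findings

def sample_openssh_key(cipher):
    """Constructed header-only sample (no real key material)."""
    b64 = base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "id_rsa")
    with open(path, "w") as fh:
        fh.write(sample_openssh_key(b"none"))
    os.chmod(path, 0o644)
    print(audit_key(path))
```

To check a real key, call `audit_key` on its path; the function only reads the file header and never needs the passphrase.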
Seriously guys, you're not even trying. Here are the instructions everyone is freaking out about, they contain an explanation of this very issue.