The idea is that you provide your reasonable default configuration in your application, but you do not store anything for a specific environment with your code or in your version control system.
If you have, for example, two servers, one for production, one for development, you only provide configuration data for one environment in such a .local file. Thus, your development server cannot know, for example. master password for the production database. Therefore, it doesnβt happen by chance that you get a new development server, and someone forgets to set APPLICATION_ENV, and you start developing and messing up your production database because the application knows the passwords.
Or vice versa, a new production server cannot accidentally access a development database.
Thus, your application will automatically know about the environment by reading the file that is present, and there is only one file for each environment in which there are all the details.
This puts the burden of ensuring the correctness of the file to the administrator - or to a puppet script that configures everything. But the environment-specific configuration will not be deployed in the application.