AFAIK, those codes don’t need to be kept private, but I think they only do that verification once, so you can probably just delete the file at this point. (After all, you can also use a TXT record to store the verification code for a domain with Google, and those are definitely not private; anyone can dig your domain’s TXT records.)