I've made such mistake some years ago when I was really new to crypto. I wanted to send someone my wallet address and I mistakenly sent him my private keys
I once
entered my private key in a Google search field. It's such a common thing to do: "CTRL-V > Enter", and it's gone. The best way to prevent this is by making sure you can't make this mistake: never handle private keys on a system that's connected to the internet.
Things will get quite interesting once full RBF becomes commonplace. Any such transaction stealing coins from a brain wallet or leaked private key could be replaced by another transaction, regardless of whether or not is opted in to RBF or not. We could end up seeing different bots broadcasting more and more replacements, each paying a higher and higher fee, trying to steal the coins for themselves. Since there is no incentive for any one such bot to surrender and let another bot win, then such transactions could just escalate until the entire value (or close to it) is paid in fees.
I was curious about that scenario too. That would mean that (eventually) only miners profit from funds sent to addresses with leaked private keys.