you may ask why he had domain admin credentials
If you are dev in an smb a lot of the time you are both development and support at the same time, there are no excuses for hardcoding passwords though.
Personally with stuff like that a new account is created with minimal permissions for the code in question and the details dumped into the password database this takes me about 5 minutes to do.
Biting the hand that feeds IT
