Re: Self inflicted public humiliation
Well, code CAN contain such credentials, but: They must be stored in a secure way, so they only work on this machine (or vm) with that specific account, else decoding the security token won't work. Though I only use that inline-credentials way only for small scripts. For projects they have to be stored in a different, more secure, way.