Re: it only takes only four lines of code and a local config file
Web server =! Exchange server. A company could have their own corporate Exchange server, which would hold a lot of important and sensitive data, but contract out the running of their web server to a third party.
A web server might get compromised and normally you would consider the servers at a different location using different authentication to be OK. But with this problem it could lead to the user accounts on your corporate Exchange server are also compromised, along with a lot of your corporate data, and you would not even have a single failed login on your Exchange server because your email programs have the given the correct username and password to the compromised web server.
If you don't think this is problem that could lead to serious consequences then talk to the World Anti-Doping Agency or the Democratic National Committee.