The software stores a password in a configuration file that might be accessible to actors who do not know the password.