The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.