Sensitive information such as access credentials, passwords, and cryptographic keys should not be stored in the source code. Hard-coded passwords may compromise system security in a way that cannot be easily remedied, because changing the password means changing and redeploying the code.
Since so many systems are built using an n-tier model, managing automated authentication to back-end systems becomes a problem that needs a solution. For example, the application code might need to authenticate its connection to a back-end database upon which it relies. Many applications simply hard-code that password in the application code to ensure it will always be able to connect. This is a bad idea for several reasons.
First, source code can generally be accessed by a large number of people at an organization, spanning adjacent development teams, QA, and sometimes even operations staff. That means the hard-coded secret isn't actually secret at all.
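The following is an added example, not code from the original text: it contrasts the hard-coded back-end database password described above with a version that loads the credential at runtime and fails closed when it is missing, and adds a small CI-style check that flags credential-like string literals in source. The host, user, variable name and the password value are constructed placeholders.

```python
import os
import re

# --- The anti-pattern the text describes (constructed illustration) ---
# The back-end database password lives in the source tree, so everyone with
# repository access can read it, and rotating it requires a code change.
DB_PASSWORD_HARDCODED = "hunter2"  # constructed placeholder value


def connect_config_hardcoded() -> dict:
    """Builds a DB connection config with the secret baked into the code."""
    return {"host": "db.internal", "user": "app", "password": DB_PASSWORD_HARDCODED}


# --- The mitigation: obtain the secret from outside the source at runtime ---
def load_db_password(env=os.environ, var: str = "APP_DB_PASSWORD") -> str:
    """Read the database password from the process environment (a secrets
    manager in real deployments) and fail closed if it is absent or blank."""
    value = env.get(var, "").strip()
    if not value:
        raise RuntimeError(f"{var} is not set; refusing to start without a credential")
    return value


def connect_config(env=os.environ) -> dict:
    """Builds the same config, but the password is never part of the code."""
    return {"host": "db.internal", "user": "app", "password": load_db_password(env)}


# --- A simple source-scanning check a CI job can run ---
# Flags string literals assigned to credential-like names. This is a constructed
# heuristic; dedicated secret-scanning tools are more thorough.
_CRED_ASSIGN = re.compile(
    r"""(?i)(password|passwd|pwd|secret|api_key|token)\s*=\s*["'][^"']+["']"""
)


def find_hardcoded_credentials(source: str) -> list:
    """Return (line_number, stripped_line) pairs that look like hard-coded secrets."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if _CRED_ASSIGN.search(line):
            hits.append((lineno, line.strip()))
    return hits
```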