We often worry more about protecting information in transit than protecting the information while it is on disk, but the information spends more time stored on the system than it does in transit. There are a number of aspects you need to consider when storing data securely: permissions required to access the data, data encryption issues, and threats to stored secrets.
A variant of storing data securely is storing secrets in code, and we use the term "storing" very loosely! Of all the sins, this is the one that irks us the most, because it's simply stupid. Many developers hardcode secret data into software, such as cryptographic keys and passwords, that they do not expect users to recover, believing that reverse engineering is too difficult to do. You may think it's true, but if it's not, those with malicious intent can reverse-engineer the code to divulge the secret data.
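To see how little protection compilation gives a hardcoded secret, the following added example (not code from the original text) audits a build artifact before release: it extracts the printable literals from a binary image and flags those that look like credentials or key material. The sample image, the name patterns, and the entropy threshold are constructed assumptions.

```python
import math
import re

# Constructed sample standing in for a compiled program's data section:
# binary padding around string literals a developer embedded in the code.
SAMPLE_IMAGE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"Usage: app [options]\x00"
    + b"\x90\x90\xc3\x00"
    + b"db_password=Tr0ub4dor&3\x00"
    + b"\x01\x02\x03"
    + b"9fK2xQ7bLm4Zr8Tw1Vc6Yp3Hd5Ns0JgA\x00"
    + b"Connection failed\x00"
)

# Runs of six or more printable ASCII bytes survive compilation unchanged.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# Assumed naming patterns; extend to match your own code base.
SECRET_NAME = re.compile(r"(?i)(passw(or)?d|secret|api[_-]?key|token)\s*[=:]")


def shannon_entropy(text):
    """Bits per character; random key material scores higher than words."""
    counts = {ch: text.count(ch) for ch in set(text)}
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def looks_like_key(text, threshold):
    """Long, space-free, high-entropy literals are likely key material."""
    return " " not in text and len(text) >= 20 and shannon_entropy(text) >= threshold


def find_embedded_secrets(image, entropy_threshold=4.5):
    """Return (offset, reason, text) for each suspicious literal in image."""
    findings = []
    for match in PRINTABLE_RUN.finditer(image):
        text = match.group().decode("ascii")
        if SECRET_NAME.search(text):
            findings.append((match.start(), "named secret", text))
        elif looks_like_key(text, entropy_threshold):
            findings.append((match.start(), "high-entropy literal", text))
    return findings


if __name__ == "__main__":
    for offset, reason, text in find_embedded_secrets(SAMPLE_IMAGE):
        print(f"offset {offset:#06x}: {reason}: {text}")
```

Run against a real build output, any finding means the secret ships to every user and should be moved out of the code.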