Developers in organizations large and small tend to leave secrets like passwords and API tokens embedded in source code for attackers to see. In the wrong hands this can lead to expensive security incidents that distract time and resources away from an organization's mission.