PW101

Passwords, secrets and keys should not be hardcoded into Python files.

Python can easily be disassembled in memory and strings can be loaded.

Example

password = "SUPER_SECRET"
secret = "my super secret key"

Fix

Use a salted or one-way hash for storing passwords and compare against the hash.