An answer posted on Stack Overflow about the 'CWE-259 hard-coded password' security issue:
The reason you are getting the hard-coded password flaw is because in line three of your snippet you are hard-coding your password in a variable. This is because you are storing sensitive information (username and password) in the source code, which is a flaw because your source can be decompiled.
One way to fix this flaw is to store the credentials in a strongly encrypted file, or apply strong one-way hashes to the credentials and store those hashes in a configuration file.
You can get more information here: http://cwe.mitre.org/data/definitions/259.html
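According to the answer, if you put a hard-coded password in a variable, sensitive information (the username and password) ends up stored in the source code, and the source can then be decompiled.
More details on the 'CWE-259 hard-coded password' vulnerability can be found at http://cwe.mitre.org/data/definitions/259.html.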
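The second fix the answer mentions (store a strong one-way hash of the credential in a configuration file) could look like the following. This is an added example, not code from the original post or the Stack Overflow answer; the PBKDF2-HMAC-SHA256 choice, the iteration count, the record layout, the `[credentials]` section and all function names are assumptions made for illustration.

```python
import configparser
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Provisioning step, run outside the application: returns the line to store."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def load_record(config_text: str, user: str) -> Optional[str]:
    """Read the stored record for `user` from the [credentials] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    return parser.get("credentials", user, fallback=None)


def verify(password: str, record: Optional[str]) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    if not record:
        return False
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
        expected = bytes.fromhex(digest_hex)
    except (ValueError, OverflowError):
        return False  # malformed or tampered record: fail closed
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: this password exists only to build the demo record.
    config_text = "[credentials]\nadmin = " + make_record("constructed-demo-pass") + "\n"
    record = load_record(config_text, "admin")
    print(verify("constructed-demo-pass", record))
    print(verify("wrong-guess", record))
```

A hash can only check a password that someone presents to the program; a credential the program itself must send to another system cannot be recovered from a hash, which is the case the answer's encrypted-file option addresses.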