Vulnerabilities also arise when access controls are flawed. describes an "Incorrect Access Control" vulnerability where access to password.txt was improperly restricted, allowing a bypass of the web application's security rules.
If you are currently using a password.txt file, it is imperative that you stop immediately. Here are safer alternatives: password.txt
The solution isn't to scold people for being lazy; the solution is to make the secure option easier than the insecure one. Vulnerabilities also arise when access controls are flawed