Hey! I know! Let's put all our login credentials in a single known publicly located file!
Heard of the "Twelve Factors"? (The Twelve Factor App: 12factor.net.) Well, they miss one:
The XIII Factor (the Thirteenth Factor, or Factor Thirteen or 13factor):
XIII. Login Processes and Credentials.
Keep Login code and Login Credentials in a non-public, secure location.
Login code should be located in a subdirectory (or file) not within the main Application location and never with a published name that every deployment will use.
Never allow a deployment to use a "Default Admin Password" or "Default Admin Page"; each installation should choose something unique.
Never allow a deployment to store any kind of Login Credentials in a "Default Location"; each installation should choose something unique.
(while you wait, here's how to Create Strong & Easy to Remember Passwords)