Webhook: Secret Token stored in plain text.
When configuring a Webhook, a Secret Token
can be specified to validate the payload. The issue is that this token is not very secret as it's stored in plain text.
The secret should be treated like a password.