External system credentials (such as database) are stored in clear text in configuration files for deployed applications. Several options exist to mitigate the risk:

1) Ensure tight file permissions are applied to the configuration files in each deployment. The documentation should be updated to reflect this need.
2) Encrypt the values in files and do the decryption on application start up.