I have a web app which would let a reddit user update their subreddit flair via a web form. The config file for this app contains login info including password for a mod account in plaintext as well as api_key and client secret. Is this secure and safe to deploy or will someone be able to navigate to reading that config file and get the credentials?