If you store customer passwords in a plaintext password.txt file and it leaks, you could be in violation of GDPR, HIPAA, PCI-DSS, or CCPA, resulting in massive fines.