Credentials should never be included in comments. Doing so means that anyone who has access to the code also has access to the database. 


This rule flags each instance of "password" in a comment