The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.