phpMyAdmin or what it's called, back in the days of LAMP stacks that was deployed almost everywhere without much security around. Not sure if it also had sql injection bugs etc, but just the low amount of security considerations most people gave this direct access to the database was probably enough to hack into most servers of that time.
Don't worry about security, we need to ship.
It’s like a firewall default policy of ALLOW and complaining that packets are getting through.
There was a literal “Skip” button on the login page and the default account was granted permission to read certificate private keys. Did I get that right?