When you are a programmer there are a lot of rules that you have to remember. They can be confusing at times, but if you do not remember them you are putting the safety of your users at risk. And that is what it all comes down to. A lot of the rules that you will find when programming, especially if you are a web programmer, exist because of safety. You have an obligation to make sure that the users of your software do not fall victim to some bad guy on the internet who knows how to manipulate code.
When you are learning these rules, you learn that some are more important than others. While you want to try your best to follow all of them, you want to make sure that you follow the most important ones carefully. That is why you will hear about some programming security rules more than others. One of the main ones that you will hear is about not hard coding passwords and other credentials in your source code.
What is hard coding passwords?
Hard coding your password means that you have made it part of the software itself. Sometimes it is unavoidable and you have to do it, but then you do it in a safe way: you make sure that it is somewhere that no one is able to get to. When you are creating a web app, though, there are very few places like this.
A hard coded password in your web app is very dangerous. While there may be some exceptions, the best option is always to not do it.
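To make the rule concrete, here is an added example (not code from the original post) that checks Python source for string literals assigned to credential-like names, together with a loader that takes the password from the environment instead. The sample settings text, the name list, `find_hardcoded_credentials`, `load_db_password` and the `DB_PASSWORD` variable are all assumptions made up for illustration.

```python
import ast
import os

# Constructed sample: a web-app settings module. Only DB_PASSWORD is a
# hard-coded credential; API_TOKEN is read from the environment.
SAMPLE_SETTINGS = '''
DB_USER = "app"
DB_PASSWORD = "s3cr3t-example"
API_TOKEN = os.environ["API_TOKEN"]
password = ""
DEBUG = "false"
'''

# Hypothetical list of name fragments that suggest a credential.
SENSITIVE_FRAGMENTS = ("password", "passwd", "secret", "token", "api_key")


def find_hardcoded_credentials(source):
    """Return sorted (line, name) pairs where a non-empty string literal
    is assigned to a variable whose name looks like a credential."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        value = node.value
        is_literal = isinstance(value, ast.Constant) and isinstance(value.value, str)
        if not is_literal or not value.value:
            continue  # env lookups, function calls and empty strings are skipped
        for target in node.targets:
            if isinstance(target, ast.Name) and any(
                frag in target.id.lower() for frag in SENSITIVE_FRAGMENTS
            ):
                findings.append((node.lineno, target.id))
    return sorted(findings)


def load_db_password(environ=os.environ):
    """Alternative to hard coding: read the password from the process
    environment and refuse to start if it is missing."""
    value = environ.get("DB_PASSWORD")
    if not value:
        raise RuntimeError("DB_PASSWORD is not set; refusing to start")
    return value


if __name__ == "__main__":
    for line, name in find_hardcoded_credentials(SAMPLE_SETTINGS):
        print(f"line {line}: {name} is assigned a string literal")
```

A name-based check like this only catches the obvious cases; it says nothing about secrets stored under unrelated variable names or in non-Python files.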