Who says it's consumer data? It can be a personal project, a blog, etc.
Just because it's not secure doesn't mean you should delete the data, because where does such reasoning end?
Reminds me of the super meat boy web version with database creds in client. Dev knew, but just did a quick implementation. Hacker wanted to prove his point and ruined it for everybody. Making a secure version was not worth the effort, so now because of this prick nobody could enjoy it.
Just because it's not secure doesn't mean you should delete the data, because where does such reasoning end?
Reminds me of the super meat boy web version with database creds in client. Dev knew, but just did a quick implementation. Hacker wanted to prove his point and ruined it for everybody. Making a secure version was not worth the effort, so now because of this prick nobody could enjoy it.