The security issue is not in the connection, it is in general use. The biggest problem that most applications have directly related to the database is SQL Injection , then it's in the query who lives the danger.
There are a lot of security issues that can affect the database but it is not in itself. I would say that over 90% of the sites out there are vulnerable. Security is a serious, difficult issue that goes far beyond the basic programming knowledge that most have. I have 35 years of experience and am bad at security. Some have spent less than 35 days and think that they can do something safe. Dying drowned who thinks he can swim, which does not know nothing.
Obviously, the password exposed is insecure, you should never have a password exposed like this. The correct thing is always to let the user enter the password and carry it and handle it in a safe way which involves a lot of things to talk about here. But almost nobody does this. In some cases you can not demand this, it may be that a user does not log in to access the bank. Encryption would help a bit in these cases.
Of course the password exposed is only compromised if someone else enters the server, then the insecurity comes from another insecurity. It can be caused by an external invasion, by inappropriate local access that is relatively easy or even because it has left someone accessing distractedly.
You need to ask yourself why you are using PDO. If you think it's safe, you're wrong. He gives no security. It serves to abstract access to different databases, which no one else does, so it's usually just a useless layer for almost every case where it's used.
