So I built a program to run reports. I put credentials in the python script. I want to distribute this to user without python so I converted it to a .exe using pyinstaller. I wasn't able to find the credential by looking at the .exe in notepad, since it doesn't appear human readable. However, I wanted to ask, can the credentials be discovered?
When you run an .exe created with Pyinstaller, it will create a temporary folder containing the required libraries, any files you may have copied, and a compiled version of your source code in .pyc files.
These files can be decompiled, even if not that easily, so your credentials can in principle be accessed by an attacker.