I dont know if there is a better way to share this but looks like some naive Django users might be exposing their email passwords. Django settings uses EMAIL_HOST_PASSWORD by default to store the password. Many people are hardcoding their passwords by using this.https://github.com/search?q=EMAIL_HOST_PASSWORD&ref=searchresults&type=Code