Look at the statistics on software security incidents and you'll almost never find a case where "the encryption algorithm was broken." What you will find, every single week somewhere, is "a password / API key / DB credential got committed to a code repo in plaintext." By GitHub's own numbers, more than 12.5 million secrets were leaked to public repos over 2023, and 91% of them were automatically harvested by bots within 24 hours. In other words, the realistic assumption is that a secret is "stolen the instant it's exposed."
The cloud-era answer to this problem is a central secrets manager