Comment by nijave

The credentials are stored as a string so you can search the binary for a pattern matching what the credential looks like and it will be in there somewhere.

In client server architecture, the client is always untrusted. An executable shouldn't need to authenticate itself to the server. The executable should authenticate as a user or account using details provided by the person.

In cases like telemetry these endpoints usually accept unauthenticated or lightly authenticated data and perform layers of validation to prevent abuse (and are usually write/append only)