An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and