Right. When the implication is spies, lockpicking, laser limbo.... The more likely scenarios are a CFO that thinks they are also a CTO, a sr tech that was given admin credentials to fix a problem that kept coming up for some reason, or some inconsequential service bot account was given admin privileges in development and never fixed later.
Considering someone at SolarWinds uploaded FTP credentials to their public Github and left it exposed for almost 2 years, I could definitely see that happening.
