What potential security risks are present in storing passwords as plain text in a PHP application?

Storing passwords as plain text in a PHP application poses a significant security risk because if the database is compromised, the passwords can be easily read and used by malicious actors. To mitigate this risk, passwords should be securely hashed before being stored in the database. This way, even if the database is breached, the passwords cannot be easily decrypted.

// Hashing the password before storing it in the database
$hashed_password = password_hash($password, PASSWORD_DEFAULT);