
The short version: Super Meat Boy for PC connected directly to a MySQL database to upload levels created in the level editor. The DB address, username, and password were all stored in plaintext in the binary. The DB user had UPDATE and INSERT permissions, but not DELETE, so the game author figured there was no harm in making that user public.

Contemporary HN thread about it: https://news.ycombinator.com/item?id=3387628
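
The grant described in the comment above, next to a narrower alternative, as an added example that is not part of the thread or of the game's code. The schema, the account name `client`, the procedure `submit_level` and the size limit are all hypothetical.

```sql
-- Constructed schema for illustration; not the game's real tables.
CREATE DATABASE IF NOT EXISTS game;
CREATE TABLE game.levels (
  id         INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  author_id  INT UNSIGNED NOT NULL,
  title      VARCHAR(64)  NOT NULL,
  data       MEDIUMBLOB   NOT NULL,
  created_at TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP
);

-- Weak: the privilege set from the comment. Withholding DELETE does not
-- protect stored levels, because UPDATE alone lets the holder of the
-- credential change any existing row.
CREATE USER 'client'@'%' IDENTIFIED BY '<placeholder-password>';
GRANT INSERT, UPDATE ON game.levels TO 'client'@'%';

-- Narrower: drop all table privileges and expose one operation instead.
REVOKE INSERT, UPDATE ON game.levels FROM 'client'@'%';

DELIMITER //
CREATE PROCEDURE game.submit_level(
  IN p_author INT UNSIGNED,
  IN p_title  VARCHAR(64),
  IN p_data   MEDIUMBLOB
)
SQL SECURITY DEFINER  -- runs with the definer's rights, not the caller's
BEGIN
  -- Reject empty or oversized uploads (1 MiB cap is an assumed limit).
  IF p_title IS NULL OR p_title = ''
     OR p_data IS NULL OR LENGTH(p_data) = 0
     OR LENGTH(p_data) > 1048576 THEN
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'invalid level';
  END IF;
  -- Append only: the caller has no way to touch rows that already exist.
  INSERT INTO game.levels (author_id, title, data)
  VALUES (p_author, p_title, p_data);
END //
DELIMITER ;

GRANT EXECUTE ON PROCEDURE game.submit_level TO 'client'@'%';

-- Audit step: the output should list EXECUTE on the procedure and nothing
-- on game.levels itself.
SHOW GRANTS FOR 'client'@'%';
```

This narrows what the embedded credential can do, but it is still one shared secret shipped in every copy of the client, and the database is still reachable from the internet. Putting an authenticated server-side API in front of the database, so that no database credential leaves the server, removes that exposure.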




I've seen a serious multitenant business app that manages financial info do this. Except the credentials were root. And also valid for SSH. Users would run a Java applet, which would SELECT from users (after connecting as root) to determine if their login was successful. 7-8 figures per install and this was a "known issue".



