One of the primary risks associated with storing usernames and passwords in plain text is credential stuffing. This is a type of cyber attack where malicious actors use automated tools to try large volumes of stolen login credentials on a website or application. In the case of Facebook, if a hacker obtains a list of usernames and passwords in plain text, they can use these credentials to gain unauthorized access to accounts.