Zabbix stores secret macro values as plaintext in the database. This creates a "Data Exhaust" vulnerability where confidential information (such as API keys, user passwords, and SNMP strings) is exposed to anyone with read access to the database or its backups. To mitigate this risk, we recommend for future releases that Zabbix encrypt these values before they are written to disk.