A light bulb is not a typical place to find your password back, but the author of the Limited Results blog show us the hard reality. Throw that bulb away and you never know where your password will end up.
In his blog he explains how easy it is to open up a light bulb, create access to the board and memory and make the passwords and even the private key used, visible. He bought a LIFX Mini white, cleared away the paste to get to the major component of the module, a ESP32D0WDQ6 SoC from ESPRESSIF.
It is a typical example of how IoT security can go wrong. Security is more then hiding the main components under a thick layer of paste.
If you want to see the whole process, go visit the blog of Limited Results: https://limitedresults.com/2019/01/pwn-the-lifx-mini-white/