Too Long; Didn't Read
I scanned 2.6 million domains for exposed phpinfo files. The discoveries where shocking. Many outdated PHP, server or module versions. Many unsafe PHP settings for production systems and quite a lot of sensitive informations are exposed through phpinfo, like database credentials, email accounts, API secrets, access to cloud services or private keys.