Well actually, a bit of both. I try to put down the chapter and pages, or at least keep the key idea in the title.
But I have raised a very valid point. The exercise on page 319 raises a security issue. When you put your login information in any file on a server (and unecrypted) you raise the possiblity of it being exposed to anyone who can get access to your server.
One person raised the concern that you might change the extension say from web.config to web.txt and then anyone who entered www.yourdomain/webconfig.txt
in the URL is going to get the text of this file.
Granted you can't get the web.config contents by just requesting the URL, but as some of the links I have looked at it isn't an impossibility!;-)