Posted: . At: 10:01 AM. This was 4 years ago. Post ID: 13754


Unsecured websites are still a thing in November 2019.


It is still possible to find anything on the Internet, including backups of websites containing passwords and other information. It is all out there, and not everyone is getting the message that this is a bad idea. Such backups could be used to harvest e-mail addresses and decrypt passwords. Do not store website backups in publicly accessible directories; this leads to trouble. The website owner must be mindful of the consequences of data theft and manage the website appropriately, but this does not always happen.

There are also websites that have phpinfo() accessible on the web, as well as connected printers that allow anyone to upload any file they wish to print at the site. That could be funny I guess, but not if you were the owner of the printer that prints a 900 page PDF file out of nowhere.

Google Dorks can find anything you wish to find. This one, for example: “Index of /backup”. It can find website backup files, which can contain the passwords and e-mail addresses of all users on the website. This is very embarrassing, but security measures can be taken to ensure this does not happen. There are a lot of horror stories of website backups leaking onto the Internet; do not let this be you.

Secure your site and ensure that the backup scripts are properly tested and write to a directory that is outside the public_html folder. This will keep your data safe from theft. There is an example here: https://www.troyhunt.com/the-capgemini-leak-of-michael-page-data-via-publicly-facing-database-backup/. This shows why you must cover all avenues when securing your website. Sure, have Akismet, SSL, and proper HTTP headers, but look after your backups as well; they are precious.
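One way to check your own server for this, as an added example that is not part of the original post: the script below confirms a backup destination really sits outside the web root and lists backup-like files reachable under it, including through symlinks. The suffix list, directory names and the sample tree built by `demo()` are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed backup-like suffixes and directory names; extend for your own tooling.
BACKUP_SUFFIXES = (".sql", ".sql.gz", ".zip", ".tar", ".tar.gz", ".tgz", ".bak", ".old", ".dump")
BACKUP_DIR_NAMES = {"backup", "backups", "bak"}

def is_outside_web_root(backup_dir, web_root):
    """True only if backup_dir, with symlinks resolved, is not the web root or below it."""
    target = Path(backup_dir).resolve()
    root = Path(web_root).resolve()
    return target != root and root not in target.parents

def find_exposed_backups(web_root):
    """Return sorted paths (relative to web_root) that look like backups."""
    root = Path(web_root).resolve()
    findings, seen = [], set()
    # Follow symlinks: a link from public_html into a private store still exposes it.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=True):
        real = os.path.realpath(dirpath)
        if real in seen:          # symlink loop or duplicate target: do not descend again
            dirnames[:] = []
            continue
        seen.add(real)
        rel_dir = Path(dirpath).relative_to(root)
        for d in dirnames:
            if d.lower() in BACKUP_DIR_NAMES:
                findings.append(str(rel_dir / d) + "/")
        for f in filenames:
            if f.lower().endswith(BACKUP_SUFFIXES):
                findings.append(str(rel_dir / f))
    return sorted(findings)

def demo():
    """Constructed sample tree: a stray dump in public_html and a symlink to the backup store."""
    base = Path(tempfile.mkdtemp())
    web, store = base / "public_html", base / "private_backups"
    (web / "wp-content").mkdir(parents=True)
    store.mkdir()
    (web / "index.php").write_text("<?php")
    (web / "wp-content" / "site.sql.gz").write_text("constructed")
    (store / "nightly.tar.gz").write_text("constructed")
    os.symlink(store, web / "files")   # store is outside the web root, yet served via this link
    return web, store

if __name__ == "__main__":
    web, store = demo()
    print("destination outside web root:", is_outside_web_root(store, web))
    print("exposed:", find_exposed_backups(web))
```

Run it from cron after each backup job; a non-empty result means something backup-shaped is being served, even when the destination check passes.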

