All websites should be designed and built with secure coding. Especially when back-end databases are involved. Websites that require a visitor to put in a username and password should have extra security provisions in place.
Should the website have a weakness from poor or unsecured coding it can be exploited by a malicious person; they can “inject” code into the username and password fields, granting them control to the database, allowing them to do what they wish from stealing the records to changing or deleting them.
Below is a short video to give you an example