There's a thing called DoS attacks. When a hacker tries to bring down our service, they can act like a client and overwhelm our servers with unlimited requests. To protect yourself from this, you can use a so-called rate limiter. A rate limiter basically defines how many processes or requests a server is going to accept at a given time.

When a user creates a password, we shouldn't store the password as plain text. If our database gets compromised and hackers read our passwords, they can take the passwords and log in without any issue. In order to protect our users, we use so-called hashing algorithms.