Why Every MCP Setup Guide Is Teaching You to Store API Keys Wrong


via Dev.to Webdev · The Seventeen

If you have set up Claude Desktop, Cursor, or any MCP server in the last six months, you followed a guide that told you to do something like this:

```json
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxxxxxxxxxxxxxxxxxxx"
      }
    }
  }
}
```

Your actual token. In a JSON config file. On your filesystem.

Every MCP setup guide tells you to do this. The official documentation shows this pattern. Tutorials, YouTube videos, blog posts — all of them. It is the de facto standard for MCP configuration.

It is also a serious security mistake. And almost nobody is talking about it.

What You Just Did

When you put your API key in claude_desktop_config.json or ~/.cursor/mcp.json, you:

Stored a plaintext credential in a file any process on your machine can read. Your AI assistant reads that config file to start the MCP server. Which means the contents of that config file — including your actual token values
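An added example, not code from the article: a small audit that flags literal secret values in the `env` block of an MCP config shaped like the one above and checks whether the file is readable beyond its owner. The secret-name patterns, the `${VAR}` reference form treated as non-literal, and the function names are assumptions made for this sketch.

```python
import json, os, re, stat, tempfile

# Assumed heuristics (not from the article): env names that suggest a secret,
# and values that look like a reference (e.g. ${GITHUB_TOKEN}) rather than a literal.
SECRET_NAME = re.compile(r"(TOKEN|SECRET|PASSWORD|API_?KEY|CREDENTIAL)", re.I)
REFERENCE = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")

def audit_mcp_config(path):
    """Return findings for literal secrets in mcpServers.*.env and loose file modes."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(("file", path, f"readable by group/other (mode {mode:o})"))
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)
    for server, spec in config.get("mcpServers", {}).items():
        for name, value in (spec.get("env") or {}).items():
            if not isinstance(value, str) or not value or REFERENCE.match(value):
                continue
            if SECRET_NAME.search(name):
                # Never echo the value itself; report only its length.
                findings.append(("env", f"{server}.{name}",
                                 f"literal value, {len(value)} chars"))
    return findings

def demo():
    # Constructed sample mirroring the article's config; the token is a placeholder.
    sample = {"mcpServers": {
        "github": {"command": "npx",
                   "args": ["-y", "@modelcontextprotocol/server-github"],
                   "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxxxxxxxxxxxxxxxxxxx"}},
        "other": {"command": "npx", "args": [],
                  "env": {"API_KEY": "${OTHER_API_KEY}", "LOG_LEVEL": "debug"}}}}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "claude_desktop_config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # typical default mode on POSIX systems
        return [(kind, where.replace(tmp, "<tmp>"), why)
                for kind, where, why in audit_mcp_config(path)]

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep=": ")
```

To audit a real setup, call `audit_mcp_config()` on the path of your own config file; the mode check is meaningful on POSIX systems only.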
