The BackupWordpress plugin has a very very serious security issue!
So if you installed it and set it up to backup your database regularly. The plugin, by default, will place your backups under the wp-content folder which is web accessible!
For example, after a couple of days, I’ve found my backups under this folder:
Out of curiosity, just tried to open this link in browser. And voila! I was able to download my database 😀
I was not able to change the destination directory, nor the permissions to it. Here’s a screenshot of the available settings: