53% of open-source Model Context Protocol (MCP) server implementations rely on insecure, long-lived static secrets, such as API keys and Personal Access Tokens (PATs).