Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms, and users to a massive attack surface.
I guess it depends, if it’s a secret in use for the image, an attacker might use it to attack a pulled instance if the user deploying it didn’t change the secret. Kind of like an unchanged initial password.