Why do you have the 'text file hidden away which contains hundreds of CC numbers' if you found that source, communicated the issue and saw that the issue was resolved?
The whole line of thinking here is very odd to me.
I mean, what good is evidence that you keep to prove you aren't lying if the evidence is never meant to be shown? And if it is meant to be shown you'd be committing a crime by doing it, which would be especially silly just to prove to someone you wouldn't make up such a mundane story.
Either way you should just delete that file. It serves no useful purpose (eg. you can't show it to me to prove you're not a liar) and despite all the good intentions you have shown in the past in getting the issue fixed you are likely committing a crime simply by keeping a copy of it around.
Why do you care if anyone thinks that you're making up stories? And if someone did accuse you of making up stories, what are you going to do? Decrypt and show them the file with hundreds of credit card numbers?
This is why well-meaning hackers end up with jail time whenever they're pulled over for a broken taillight.
It does do something, but it means if you find (or build) the Foo1 rainbow table you get all the passwords instead of just one. It's certainly a step above not hashing or not salting, and could even be a problem for the attacker if compromising the database does not mean they compromised the source code.
Not ideal, of course, but not the worst thing ever.
