Do change that username and password, though, since they're available to the public.
I think the OP only tried it on his local (as suggested) but i've also gone ahead and modified my post to remove the dummy username and password for measure
On a side note: I think there should be some documentation though on the dangers of media sources and such scripts. It's very easy for a disgruntled former employee who has a limited access to a MODX installation, but full access to creating new media sources or access to the root of the site to go ahead and create a script like this, or modify the base path to access the servers root.