I am a developer and I agree with you that developers should not have day-to-day access to production. They might need this access for troubleshooting/deployment etc. reasons but in this case it should be through appropriate channels, not "just select what you need and press GO". It is clearly failure of the organization (and CTO, by proxy) to fail to enforce this separation, and the developer who exposed this huge hole should be thanked and rewarded, not sacked.
As for the documentation - as long as no actual password was stored there, it should not matter. The system should have been designed in such a way as to tell the user "you have no access rights there", unless their authentication (specifically for production system - not day-to-day one) allowed them. It is not the new developer's fault that the system was designed badly and it was not the documentation author's fault either (unless actual production access password was stored in the documentation, which does not seem to be the case)
Biting the hand that feeds IT
