Well, from what you have shown us if I enter
and you have a matching profile, then yes, it would be a security hazard.
Generally you ask for two pieces of information, a username and a password.
So that you end up doing something which essentially equates to:
$username = // as you have done
$encrypted_password = // get the password, encrypt it with the same method you used before you stored in the db
"SELECT * FROM profile WHERE username = '$username' and password = '$encrypted_password'"
The encrypted password should be so encrypted that it is impossible to retrieve it in its plain text form, even for you.
Sometimes that username can be elicited from a cookie, the amount of security you apply may well depend on how much damage losing an account will cause you or the user.
If it is to retrieve some settings like your preferred background color, then you'd handle it differently to giving access to personal information.