GraniteCredentialsListBoxModel.fillItems should probably start with

if (context == null || !context.hasPermission(Item.CONFIGURE)) {
    return new ListBoxModel();
}

lest it expose credentials IDs and descriptions to anonymous users.

This is assuming that there is a context passed in from callers, typically as @AncestorInPath.