Resolution: Not A Defect
A very common use case of Jenkins is to delegate the responsibility of the creation of pipelines to third parties or developers. These external teams should be able to use secrets given to them via Jenkins credentials, but shouldn't be able to visualize the value of the secret.
For this use case, withCredentials is broken:
The secret can be easily viewed.
Letting someone work on a pipeline is basically showing them the secrets that pipeline uses.
For this example I used "Secret Text", but it also happens with "AWS Credentials".