When using the credentials plugin run parameter, system credentials are only populated if the user has configure access.  This is a significant security hole as, in order for a user to have access to pre-defined credentials, he must be able to alter the jobs configuration.