As the summary says, the BFA plugin still uses custom fields for providing the MongoDB database username and password instead of a credentials selector. This also makes it necessary to put a variable into JCasC files instead of a credentials ID which undermines security (because that variable has to be set somewhere).

Please fix.