If the LLM can run any code it writes itself, it can retrieve those credentials. It's just one `curl` away. If you don't let it run `curl`, but you let it run `python`, it can just run a Python script that fetches it using `requests`. Or a Node script that calls `fetch`.

Point is, if creds are accessible programmatically, the LLM can and may try to retrieve them if it thinks it needs them.