Jenkins Maven Release Plug-in Plugin stored credentials unencrypted in its global configuration file org.jvnet.hudson.plugins.m2release.M2ReleaseBuildWrapper.xml
on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system.
Maven Release Plug-in Plugin now stores credentials encrypted.