One wonders what happens to the contents of KeyCredentialManager if the user forgets their password..

Had a task on my TODO-list once to use the Windows secret storing API:s. Would probably ended up with the same vulnerability as Bitwarden. (Was just for an internally used service in my case).