Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code