Placeholder Credential Is Live

A credential parameter required by a user-creation or constructor function is given a literal placeholder value because the developer's threat model places the actual access path on a separate mechanism (unlock key, signed token, admin-only UI). The framework persists the placeholder into the same auth store as real credentials, and a globally network-reachable password endpoint accepts it from any caller. The developer's intent that the placeholder is internal is documentation, not enforcement.