ServerCredentialMapping.DescriptorImpl.doFillCredentialsIdItems should probably start with

if (context == null || !context.hasPermission(Item.CONFIGURE)) {
    return new ListBoxModel();
}

lest it expose credentials IDs and descriptions to anonymous users.

This is assuming that context is actually expected to be non-null. Though if so, why is CredentialsHelper.findValidCredentials ignoring it? If there is no item context, check something, such as Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER).