CredentialNode.getCredential() should clone the credential returned so that the destruction of any wrapped passwords does not affect the cached instance.

RawClearPassword.clone() should clone the password array.