NagarjunaAtukur
Level 4
Status: New
After fetching credential values from the credential manager, a developer can easily view the password by using a simple Calculate stage.


We are giving access to developers to utilize them for their automation process design. If a developer really wants to view the password, he/she can easily view it with this loophole.

The BP tool should prevent casting from password-type data items to text-type data items.

Thanks,
Nagarjuna A
3 Comments
John__Carter
Staff
Thanks Nagarjuna. This is an old topic that does not have a simple answer. Even if such a cast was prevented, the user would still need the ability to use Send Keys. This means they could write the password to a text field or an app like Notepad.

Perhaps a stronger LAM (logical access model), where devs are given their own app credential but do not have the ability to access, share or manage each other's credentials, would help your situation.
AndreyKudinov
Level 10
If you don't trust devs with production passwords - don't let them develop on a production environment? Even if Blue Prism prevents that, there is nothing to stop them from getting the password in many other ways.
Password type is only really useful to prevent someone from peeking at the password over your shoulder and not having plaintext passwords in exported process/object (although when I got curious, it took me a few minutes to find the static XOR passphrase that Blue Prism is using).
mwulff
Level 3
There is, in my opinion, no way to prevent developer misuse of a credential. The very nature of RPA allows for too many loopholes.

Securing the credential as suggested will only result in credentials no longer working for their intended purpose.