we do not currently return any password credentials via the API - this is to ensure they cannot be accidentally accessed if the admin api were to be left unsecured.
It is something I've been thinking about a bit - there are plenty of cases where, if done properly, it would be useful to be able to access the credentials. We just need to make sure it is done securely and that users don't accidentally expose their credentials.
Your question has prompted me to write up my thoughts on this and to start a discussion on the design here: Provide Admin API access to flow credentials · Discussion #44 · node-red/designs · GitHub
If you, or anyone reading this, has comments on the design, please do chip in - either here, or preferably over on the GitHub discussion linked above.