Are personal credentials stored in Webrecorder/Conifer/Browsertrix WARCs?

I was wondering what is the case with all three of the tools when it comes to the username and password used to capture a logged-in version of page.

I remember reading a comment I believe by @ilya (can’t remember where exactly though, sorry) that stated that credentials used to capture can end up in the WARCs. Is this the case for Webrecoder Desktop, Conifer, and browsertrix, and if not what are the differences?

And a related question: what could be a good way to check a WARC for the presence of credentials? Would using something like warcio to read them work? Complete newbie here so any pointers are very welcome!