Normally, when using RetroArch, when you enter your RetroAchievements login and password, the password gets replaced by a token on first RetroAchievements login, that, to my knowledge, you can’t really do much with aside from logging in in emulators.
In muOS, probably due to how RetroAchievements configs are implemented, password keeps getting stored in the retroarch.cfg and retroarch.cheevos.cfg files, even with config freedom enabled, which is not great.
Obviously RetroAchievements isn’t a bank account level of importance, but letting RetroArch do its thing with replacing the password with token would still result in a more secure system.
Currently this can be worked around by manually editing retroarch.cheevos.cfg and making sure password entry is empty and pasting your token from another instance of RetroArch, for example on PC.