
    Don't store repository credentials when using a hosting service.

    Review Request #8469 — Created Oct. 17, 2016 and submitted — Latest diff uploaded

    Information

    Review Board
    release-2.0.x
    c61de4b...

    Browsers absolutely love to auto-fill anything that resembles a
    username/password field, despite this frequently being a terrible idea
    for services requiring linking up with other services. As such, it's
    common for a username/password to end up in a repository, even when a
    hosting service is being used.

    While not always a problem, some services do end up affected, like
    TFS/TFS-Git in Power Pack. They make a call to
    Repository.get_credentials(), which prioritizes the repository's
    credentials over the hosting service's, for cases where a repository may
    use something different than the hosting service (although no hosting
    services currently allow for setting both, that's how the existing
    behavior has been up until now).

    This change turns off username/password storage for a repository when
    using a hosting service, to help prevent that sort of problem. It also
    removes any stored credentials on upgrade, to help with breakages or
    bugs that may exist due to improper stored credentials.

    Tested creating/editing TFS and TFS-Git repositories, which were
    affected by this bug. The repositories didn't end up containing any
    password information, leaving it fully to the hosting service.

    Tested saving a repository without a hosting service. Saw that the
    passwords did store.

    Tested doing a site upgrade on a site with bad passwords stored for
    the repositories. Saw that the passwords were removed.
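
The credential precedence and the two fixes described in this change, modelled as an added example that is not Review Board's own code. The classes below are simplified stand-ins, `save_from_form` and `scrub_on_upgrade` are hypothetical names, and the sample data is constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class HostingAccount:  # hypothetical stand-in for a linked hosting service account
    username: str
    password: str


@dataclass
class Repository:  # simplified model, not Review Board's Repository class
    name: str
    username: str = ""
    password: str = ""
    hosting_account: Optional[HostingAccount] = None

    def get_credentials(self):
        """Repository-level values take priority over the hosting account's."""
        username, password = self.username, self.password
        if self.hosting_account:
            username = username or self.hosting_account.username
            password = password or self.hosting_account.password
        return {"username": username, "password": password}


def save_from_form(repo, form_username, form_password):
    """Save-time rule: drop submitted credentials when a hosting account is linked."""
    if repo.hosting_account:
        repo.username = repo.password = ""
    else:
        repo.username, repo.password = form_username, form_password
    return repo


def scrub_on_upgrade(repos):
    """Upgrade-time rule: clear credentials already stored on hosted repositories."""
    cleaned = []
    for repo in repos:
        if repo.hosting_account and (repo.username or repo.password):
            repo.username = repo.password = ""
            cleaned.append(repo.name)
    return cleaned


if __name__ == "__main__":
    # Constructed sample: a browser auto-filled a personal login into a hosted repository.
    acct = HostingAccount("svc-tfs", "service-secret")
    hosted = Repository("tfs-main", "alice", "autofilled", acct)
    print(hosted.get_credentials())  # auto-filled values shadow the hosting account
    print(scrub_on_upgrade([hosted]), hosted.get_credentials())
```

The scrub only touches repositories that have a hosting account, so repositories that legitimately store their own credentials keep them.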