Translations:Manual:$wgRemoveCredentialsBlacklist/5/en

This is only enforced on the client level; AuthManager itself (e.g. AuthManager::allowsAuthenticationDataChange calls) is not affected.