Understanding the Risks of Self-Hosting Credential Verifications