This is connected to a ZBX-13769, but I separate it to independent issue in an attempt to make zabbix users life easier.

Assume that I needed to change credentials (and/or AuthPriv params) for SNMPv3 devices in my network. I did it on devices side and in zabbix frontend too.
And ... I got very bad picture in hosts availability and/or unsupported item alerts (reasons are described in the ZBX-13769).

So, what I observed when performed those tests: similarly to EngineBoot<->EngineID per-process (*poller) memory, the same is actual for credentials!

Yes, each poller process *AFTER very first polling of a device (maybe key filed here is "Security name" with/without combination with EngineID - not tested. Later, below devs confirmed - EngineID involved too) - the process remembers "auth" data in library's cache and reuses it further.
It means that after some zabbix_server uptime, all (likely) poller processes will remember the "auth" data and any updates in frontend (for 4 fields) will not be actually applied. Note: unreachable pollers (likely) will not remember the "auth" data, they likely will catch new values.

The picture visually gets very similar to a case, when you have duplicated EngineIDs in the network.

Important detail:
Changing any of these 4 parameters:

Authentication protocol
Authentication passphrase
Privacy protocol
Privacy passphrase

without changing "Security name" - requires server/proxy daemons restart !!!
In other words - if "Security name" is changed as well - those 4 new params WILL BE applied after configuration reload without restart!

I'd add a note to documentation about required server/proxy daemons restart.