I’ve implemented this in my projects the same way you have described.
Security-wise, this is written to an app-specific folder that is private to the app. As long as the users are applying best practice (authentication to unlock device, not rooted/jailbroken), this should suffice.
However, if you are in a very security-conscious industry, you may consider encrypting the username and password strings before storing, and then decrypting after retrieve using a JS library, or you could even implement a react native secure key store. Usually, in that type of industry, even more is needed such as root detection/binary tampering, etc. which would involve a few other libraries as well.