I dealt with this problem a while back, and posted some advice here.

Bottom line: Keep all passwords off of the web server, and connect to the database through custom proxy (or middle tier) that doesn't allow raw SQL.