Use a hidden file such as .password

This is security through obscurity. The proper thing do here is to configure your database to identify itself in a more secure manner than using passwords in scripts. Meanwhile, keep in mind that dotfiles are NOT hidden in the least, and you probably want chmod 700.

See here (can't find the official link, but it's still a good read): Auth-Methods for Postgresql

Talk to your DBA.