in reply to Best practices for database passwords
You don't find those best practices in Perl fora probably because they're the same best practices for any language.
I don't store that sort of information in the script: I make the script get it from somewhere else. Encoding rarely helps because the script is the recipe to decode it. How you decide to do that depends on your situation, but at some point the script ends up knowing all the secrets.
However, I do create several sets of passwords, and I give them different sets of permissions (read-only, insert-only, update-only, and so on) so that no script can do more than it should. Along with that, your database server may be able to limit access based on host or user names so that even discovery of the password doesn't complete the puzzle for the bad guys.
There is a lot more to it, but look for topics on web security rather than just Perl.
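As an added illustration of the approach described in the reply above (not code from the original post): a script that holds no secrets itself, reads the credentials for one limited-privilege role from a file outside the script, and refuses a file with loose permissions. The file layout, role names, DSN and account name are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl ':mode';
use File::Temp 'tempdir';

# Hypothetical layout: one "<role>.conf" file per database account,
# kept in a directory outside the script and outside the web root.
sub load_db_credentials {
    my ($dir, $role) = @_;
    # Accept only known role names so the argument can never become a path.
    die "unknown role '$role'\n"
        unless $role =~ /\A(?:readonly|insertonly|updateonly)\z/;

    my $file = "$dir/$role.conf";
    open my $fh, '<', $file or die "cannot open $file: $!\n";

    # Check the opened handle rather than the path to avoid a check/use race.
    my @st = stat($fh) or die "cannot stat $file: $!\n";
    die "$file is not a regular file\n" unless S_ISREG($st[2]);
    die "$file is not owned by this user\n" unless $st[4] == $>;
    die "$file is accessible by group or others\n"
        if $st[2] & (S_IRWXG | S_IRWXO);

    my %cred;
    while (my $line = <$fh>) {
        next if $line =~ /\A\s*(?:#|\z)/;    # skip comments and blank lines
        my ($key, $value) = $line =~ /\A\s*(\w+)\s*=\s*(.*?)\s*\z/
            or die "malformed line $. in $file\n";
        $cred{$key} = $value;
    }
    close $fh;
    defined $cred{$_} or die "$file is missing '$_'\n" for qw(dsn user password);
    return \%cred;
}

# Constructed sample file so the example runs offline; the values are made up.
my $dir = tempdir(CLEANUP => 1);
open my $out, '>', "$dir/readonly.conf" or die "cannot write sample: $!\n";
print {$out} "# constructed sample values\n",
             "dsn = dbi:mysql:database=appdb;host=db.example.internal\n",
             "user = report_ro\n",
             "password = not-a-real-password\n";
close $out;
chmod 0600, "$dir/readonly.conf" or die "chmod failed: $!\n";

# A reporting script asks only for the read-only account (assumed to be
# limited on the server side to SELECT and to this application host).
my $cred = load_db_credentials($dir, 'readonly');
print "would connect to $cred->{dsn} as $cred->{user}\n";
# With DBI installed: DBI->connect(@{$cred}{qw(dsn user password)}, { RaiseError => 1 });
```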