The way I have been doing it is encrypting and storing the username in one file, the password in another file, and placing both outside the public directory, and finally chmodded to 600.

I gleaned this from reading nodes like this one. But I have also come to the conclusion that there are probably no totally secure ways to do this.