... it is against policy to store a password in clear text in the registry, config files, or code.

It seems to me [id://kutsu]'s suggestion of using Crypt::Blowfish complies fully with this policy. I work on applications that handle sensitive data (like database passwords in config files) the same way.

That doesn't mean you're completely secure though. If you haven't already, check out Quest: a bulletproof-secure, automated scraper for an interesting discussion on safely storing and using sensitive data.