in reply to Re^2: Security: balancing two conflicting password policies
in thread Security: balancing two conflicting password policies
Just store it in a hidden system file, then it's not in the application code :)
If the user account is restricted by host IP using database privileges and only granted what it needs, the worst that happens upon password discovery is your application data gets compromised if someone gets on the box.
If someone is on the box, they can most likely get your encryption keys and code as easily as they can get the password, so the encryption won't help much.
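The host restriction and minimal grants described in the post above, as an added example that is not part of the original post. It assumes MySQL syntax (the post names no database); the account name, schema, tables, the 192.0.2.10 address and the password placeholder are all constructed.

```sql
-- Weak setup (assumed for contrast): the account is usable from any host
-- and holds every privilege, so a leaked password exposes the whole server.
CREATE USER 'webapp'@'%' IDENTIFIED BY 'REPLACE_WITH_SECRET';
GRANT ALL PRIVILEGES ON *.* TO 'webapp'@'%';

-- Restricted setup: the account exists only for the application host
-- (192.0.2.10 is a documentation address) and is granted only what the
-- application uses. No GRANT OPTION, no FILE, no access to other schemas.
DROP USER 'webapp'@'%';
CREATE USER 'webapp'@'192.0.2.10' IDENTIFIED BY 'REPLACE_WITH_SECRET';
GRANT SELECT, INSERT, UPDATE ON appdb.orders   TO 'webapp'@'192.0.2.10';
GRANT SELECT                 ON appdb.products TO 'webapp'@'192.0.2.10';

-- Check 1: the grants are exactly the ones intended.
SHOW GRANTS FOR 'webapp'@'192.0.2.10';

-- Check 2: no copy of the account is reachable from a wildcard host.
SELECT user, host
FROM mysql.user
WHERE user = 'webapp' AND (host = '%' OR host LIKE '%\%%');

-- Check 3: the account holds no server-wide privileges.
-- A row with USAGE only means "may connect, nothing global".
SELECT grantee, privilege_type
FROM information_schema.user_privileges
WHERE grantee = "'webapp'@'192.0.2.10'";
```

With this setup the stored password is only usable from the application host, which matches the post's point that the remaining exposure is someone already on that box.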