in reply to hiding database passwords
Maybe Keeping MySQL connection parameters in a safe place would help.