Persoanlly for me I try not to put passwords in scripts. There really is no way to keep that secure. If the DB needs a password to access, I make the user type the password.
I create a user in the database and give that user only the access they need at the DB level. That keeps them from doing any real damage or at least there is a link between the damage they can do how much they are trusted. If for whatever reason you need to place a password in the script do it with a very limited DB user. If you provide permission in a database for user to drop whole tables, they will it might be due to meanness, or user error or even your script messing up.

As general guide when i plan security i take the approach of giving the user only what they need to get the work done, including myself.