If your script can read the password, anyone who can run your script can read the password. If you stick a key in your script, anyone who can read your script can read the key. The script has to be able to locate the file, so anyone who can read the script can read the file's path, so hiding it just makes it harder for you to remember where you stuck it.

Assuming a Linux context, the best way IMHO would be to configure sudo to allow root privalege w/o a password on that script, and then make the password file root-only rw (600, let's say). This will save you by leveraging the security model already in place. If someone has rooted your machine, then nothing on there is secret anymore. See Stack Overflow.