Dmitry, if you use Craig Boyd's vfpencryption.fll you're looking at fewer than 5 lines of code to encrypt/decrypt the connection string, though the encrypted version is binary and may be better as a .bin file on disk rather than in xml.
As IT moves more into the CFO's area, Security Audits and similar will become more common IMHO. If you document these features in a security policy, it looks highly professional and allows an immediate tick in the security box.
"... They ne'er cared for us
yet: suffer us to famish, and their store-houses
crammed with grain; make edicts for usury, to
support usurers; repeal daily any wholesome act
established against the rich, and provide more
piercing statutes daily, to chain up and restrain
the poor. If the wars eat us not up, they will; and
there's all the love they bear us."
-- Shakespeare: Coriolanus, Act 1, scene 1
