Versions affected: LedgerSMB 1.2.x
The decision was made because there is no way to hide this information from the web server, since it needs to log into the database. It is better not to have a false sense of security. SQL-Ledger obfuscates this information but does not truly encrypt it.
Anyway, this problem is going away because 1.3 changes the way db passwords are handled.
[originally submitted by fling]