database connection strings unencrypted
user passwords are stored in *.user files so it is only database connection strings that are not protected.