Encrypting configuration, probably a good idea - http://www.jasypt.org/encrypting-configuration.html