The possibility to encrypt the passwords used to connect to the database was added. But the encryption key is hardcoded in the code. Therefore, someone with access to the code (or to decompiled code) can discover the encryption key and decrypt the passwords. Nevertheless, if I copy the configuration file from another machine, I can use its configuration and, without knowing the password, connect to the database.
The password should be encrypted/decrypted with a master key defined by the user. The user must enter the key on application startup (or on first use of a connection with an encrypted password), and the password should be kept in memory for future use (so as not to degrade the user experience).
Just to mention: There's a simple and secure workaround: In your Alias definition do not enter any password and uncheck "Auto logon".
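A sketch of the master-key approach requested above, added here as an illustration and not taken from the project's code. The class name `MasterKeyVault`, the PBKDF2 iteration count, the choice of AES-GCM and all sample values are assumptions.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

// Hypothetical helper: alias passwords are sealed with a key derived from a user-entered master passphrase.
public class MasterKeyVault {
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKeySpec key; // lives in memory for the session only, never written to disk

    // The salt is random and stored in clear beside the configuration; it is not a secret.
    public MasterKeyVault(char[] masterPassphrase, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(masterPassphrase, salt, 600_000, 256); // assumed work factor
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        key = new SecretKeySpec(raw, "AES");
        spec.clearPassword();                 // wipe the copies we control
        Arrays.fill(masterPassphrase, '\0');
        Arrays.fill(raw, (byte) 0);
    }

    // Returns base64(iv || ciphertext || tag), the value that would go into the config file.
    public String seal(String password) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);                    // fresh nonce for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Throws AEADBadTagException when the key is wrong or the stored value was modified.
    public String open(String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        // Constructed sample passphrase and database password.
        String stored = new MasterKeyVault("correct horse".toCharArray(), salt).seal("db-secret");
        System.out.println(new MasterKeyVault("correct horse".toCharArray(), salt).open(stored));
        try {
            new MasterKeyVault("guess".toCharArray(), salt).open(stored);
        } catch (AEADBadTagException e) {
            System.out.println("copied config without the master passphrase: decryption refused");
        }
    }
}
```

Because the key exists only after the user types the passphrase, neither the source code nor a configuration file copied to another machine is enough to recover the stored passwords.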