The Base64 encoding (yes, obfuscation) that others have suggested may at the very least protect from an attacker that only has the time or inclination for an accidental or not screen glancing and who wouldn't go further if he encountered a garbled looking string.

Now whether this is a valid or simply common enough attack vector to bother with could be something to debate.

As a sidenote, re-adding in PR1.1 accounts (skype, msn, gtalk) that I had added beforehand hid their passwords from that file.