Here are some strategies to remove plain text passwords from configuration files and your code base. It's one way a secure Java app can deter a malicious attack.