User privacy and security is of utmost importance to us, without trust we're dead in the water. Where there are options to use OAuth we only use OAuth, and for each API we aim to use the strongest possible storage solution.
We don't allow you to change connection details for an account meaning that if someone gained access to your dashboard they would not be able to see your connection details.
We can certainly change the input box to a password type to reduce the risk from over-lookers. We'll put it in the next drop.
Please let me know if you would like to discuss any of this in more detail.