I got a great security tip from this forum post that tells how to "hide" the configuration file from potential hackers. This will keep passwords and other data from being exposed. Here is the technique described in the post:

  • Move configuration.php to a safe directory outside of public_html and rename it whatever you want. We use the name joomla.conf in this example.
  • The configuration.php file in the root of the webhost should only contain the following code:

<?php
// Load the real settings from the relocated file, one level above this directory.
require( dirname( __FILE__ ) . '/../joomla.conf' );
?>

  • Make sure this new configuration.php is not writable at all, so that it cannot be overridden by com_config.
  • If you need to change configuration settings, do it manually in the relocated joomla.conf.
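
The steps above as a shell sketch, with a check that the resulting layout is the one described. This is an added example, not code from the forum post; the function names and the WEBROOT argument are assumptions, and joomla.conf is placed one level above the web root as in the stub.

```shell
#!/bin/sh
# Added example. WEBROOT is whatever directory holds Joomla's configuration.php
# (an assumption); joomla.conf is the file name used in the steps above.

# relocate_config WEBROOT: move the real settings one level above WEBROOT and
# leave the require-only stub behind, read-only.
relocate_config() {
    webroot=$1
    stub="$webroot/configuration.php"
    conf="$webroot/../joomla.conf"
    if [ ! -f "$stub" ]; then
        echo "no configuration.php in $webroot" >&2; return 1
    fi
    if [ -e "$conf" ]; then
        echo "$conf already exists, refusing to overwrite it" >&2; return 1
    fi
    mv "$stub" "$conf" || return 1
    # Same stub as in the steps above.
    printf '%s\n' '<?php' '' \
        "require( dirname( __FILE__ ) . '/../joomla.conf' );" '?>' > "$stub" || return 1
    chmod 444 "$stub"
}

# check_config WEBROOT: return 0 only if the layout matches the steps.
check_config() {
    webroot=$1
    stub="$webroot/configuration.php"
    conf="$webroot/../joomla.conf"
    rc=0
    [ -f "$conf" ] || { echo "FAIL: $conf is missing" >&2; rc=1; }
    grep -qF "/../joomla.conf" "$stub" 2>/dev/null ||
        { echo "FAIL: stub does not load joomla.conf" >&2; rc=1; }
    # The stub must not carry settings; "password" is the marker checked here.
    if grep -qi 'password' "$stub" 2>/dev/null; then
        echo "FAIL: stub still contains settings" >&2; rc=1
    fi
    # Read the mode string from ls so the result is the same when run as root.
    case $(ls -ld "$stub" 2>/dev/null | cut -c1-10) in
        ''|*w*) echo "FAIL: stub is missing or writable" >&2; rc=1 ;;
    esac
    return $rc
}
```

Running check_config again after a Joomla update or a restore from backup shows whether the stub has been replaced by a full configuration file or made writable again.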