Yes, that problem exists, but it is solved by server's settings, not
miniBB itself. PHP needs to know EXACT password for connecting to
database. Even if we encode this password with simple algorythms
(which can be de-encoded back), it is not the best solution, because
everyone can de-encode it and view it in anyway (because miniBB is
open source, and there is no protection, why simple users can not
de-encode data, if they have knowledge in PHP).
Another reason that we can not encode password data is that most users
are mostly lazy. If we say - go there and there, type your password,
then go back to options, and copy-paste the result - this is unreal.
Users just type in what they know. Of course, we would do automatical
encoding - but in that way, setup_options needs to be CHMODed to 777
(that's the worest), than back to 755... shite... Many script
programmers are doing that, but on my opinion, it is even worest than
simply type in setup_options w/o changing the permission.
The only one solution in your case is TO FORBID shell-users to read
files from another directories (not from where they are owners). It is
easy configurable in Linux. And it really needs to be done for another security purposes!!!