This from my IBM colleague, Martin Lansche: -
IBM® WebSphere® Application Server stores system passwords in files that are simply encoded. To support clients who want to implement their own password storage mechanism, WebSphere Application Server has provided a System Programming Interface (SPI) to do so. Encrypting these system passwords can provide some marginal additional security benefits for a specific class of vulnerability (poorly implemented application code), but it cannot provide defense against a malicious programmer or a determined attack. If you insist on implementing a password encryption solution, here is one example of how you could achieve this using the SPI. This content is part of the IBM WebSphere Developer Technical Journal.