Thought I'd just put a quick post together on this one, since I am often asked about it.
If you are worried about leaving names and passwords in web.config, but like the ease of it, then a very simple way of encrypting the values, putting them in the registry and then retrieving them through a simple change in syntax in web.config is detailed here: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q329290; it also includes a little command line utility to do the work for you. Nice.