Not sure why you would want the user in the script and not to access things?
One way around this is to have another QVW which exacts the data from the DB to QVD's,
Then in the QVW that your users access, you would take out your connection string and then re-point your load statements to the relevant QVD's.
This is how I would normally go about development any how.
The two-tier solution proposed by mark6505 is the correct way to isolate your database access.
The QVD generator is a normal .qvw file that the user does not have access to. This document is reloaded by the service account on your server/publisher and creates QVDs of the data being extracted. The user cannot see the connection string(s) or tamper in any way with the load script as they have no access to the document.
Your document would now load the data from the qvd files, so replace the SQL SELECTs wih LOAD FROM ....qvd statements. The document can be reloaded on the server, or even by the user, providing the respective accounts have access to the location where the qvds are stored.