Depends on what you mean...
The XUser and XPassword parameters in the connection string are not encrypted. They are merely scrambled so that it is not possible to read the password when you look at someone else's screen. Obuscation - not encryption.
The credentials are passed to the ODBC driver (on the same computer) in clear text.
The ODBC driver in turn, sends the credentials to the RDBM server. This step can often be properly encrypted, but this is done by the ODBC driver, not by QlikView. So, look in the settings of your ODBC driver or OLEDB provider.
Good question Leonardo. I did some research on this area and found out that QlikView ODBC connection strings are stored in Base64 Scrambling method. As suggested by HIC, you can control ODBC connection string encryption outside QlikView. And you have one more option of using VBScript with ChilkatCrypt2 encryption component. I have not implemented it but this should work.
HIC - Any plans in future versions to add the encryption? Not just ODBC connection string but I'm also concerned about Hidden Script Password...
Thanks in advance.