One of the strengths of Windows NT is the way it handles security. When a user logs on, the system automatically gives him a set of permissions granted by the system administrator. After this, each application or service can query Windows NT to see what resources he can access. Most popular database providers offer this type of security as an option.

Under this type of scenario, all you need to do is make sure that the people with whom you want to share your data have the appropriate permissions to read it. In this case, the ConnectionString in the report definition file doesn't need to contain any passwords. Authorized users get to see the data and others do not.