In a Shared Web Hosting environment, the most secure place to keep your database password is in the application.cfc/application.cfm file for your website.

Another option is to store username/password in the datasource, however, it is a big security risk in the Shared Web Hosting environment. Storing the password in the datasource means that anyone on the Shared Server can access/change/delete records in your database without any authentication.
If you still want your username/password stored in the datasource, despite the serious security risks involved, please submit a Add Username/Password to ColdFusion ODBC Datasources request via the HostPilotĀ® Control Panel > Support > Extended Services.

Note: the most secure place to store the database username/password in the Dedicated Web Hosting environment is the datasource.