I've run into this problem too. I resolved it by passing the connection string to the script with an encrypted password. The script looks for the 'password=' text and decrypts the text following it. The string with the decrypted password would be sent to the DB, but never seen by anyone snooping around. If you're looking for a simple encryption method you could use a bar delimited ordinal string. Each character would be replaced by its position in the collating sequence. Using this method "password=97|49|98|50|" would be passed to the DB as "password=a1b2".
Not sure how I can make that work. I have ASP scripts that access the dB and the userID and PWD are coded in these scripts. Scripts were created via NotePad and I don't see how I can encrypt anything with the current tools available.
To address this for the time being, I created a local user and gave that user SELECT rights only from within DB2. This should allow me to pass an audit for the time being.