Sitefinity also supports the so called Integrated Security. This means that there is another way for getting a database access without exposing any passwords, users and such information. If you decide to try it, you should go through the following two steps:
1. Set your project's connection string that you will use Integrated Security for authentication like this:
|<add name="Sitefinity" connectionString="data source=localhost\sqlexpress;Integrated Security=SSPI;initial catalog=DBtest"
2. Add the account under which the ASP.NET
process is running as a db_owner
in the SQL Management Studio
Hope that this answers your last question too. Please do not hesitate to ask if you have any further thoughts.
All the best,
the Telerik team