> if SSL is enabled for the agent, all data would be encrypted and could not be viewed by an attacker.

Allow me to paraphrase Ghostbusters 2:

"Ray, if an external service you're connecting your app to asks if you want to encrypt the transfer, you say YES!"

DB username and password. Fuck - was pretty much waiting for something like this to happen. Just got one of these emails a few minutes ago myself. Luckily I was only using this for a toy app.