You always will need the password and username to connect.
You can of course deny access to the file that contains you data by a .htaccess file. However it is always smart to keep those settings in a settings file that is placed outside of your browse able content (and preferably your git or svn repo as well).
Like that people need access to your server (or a big error in the code) to be able to access that file.