We keep the ConnectionString information in memory while the Application Designer is open. When the Application Designer is closed, we only save the safe ConnectionString in the model. The safe connection string is a connection string stripped of any data that might be a security risk. This decision was made to avoid storing any sensitive information in the SDM file.
Therefore, if you close/save/reopen the Application Designer, you will notice that your password is no longer visible in the Connection String dialog for any consumer endpoint that has not been implemented. Implementing the application at this stage will result in the generation of a ConnectionString in the .config file without the password information.
During implementation we inform the user, through a dialog, that the ConnectionString information is being persisted unencrypted. This is so that the user can encrypt the information if he so chooses. Once an application is implemented, we pick up the connection string information directly from the .config file.