I've written python code by using httplib to consume REST API, that required basic Authentication.
So i used the username and password in plaintext in the code.
1)Is it right to put password in code ?
2)If wrong what is the right way?
Putting passwords in code is a bad idea(tm), since your could could end up on Github, etc, and leak the password. Use buildout.cfg to store secrets, and keep buildout.cfg specific to each installation (i.e. don't check it into source control).
Even a locla buildout.cfg wants to be kept under revision control.
It's better to put passwords into some text file and encrypt the the file e.g. using AES-256.
Asking for the key at runtime or decrypting the encrypted password store should be save enough.
...and save enough in case you commit the encrypted pw store to a public repo as long as you use a strong key.