Even a locla buildout.cfg wants to be kept under revision control.
It's better to put passwords into some text file and encrypt the the file e.g. using AES-256.
Asking for the key at runtime or decrypting the encrypted password store should be save enough.
...and save enough in case you commit the encrypted pw store to a public repo as long as you use a strong key.
-aj