Ability to secure Web Service username/password

Currently if calling an authenticated webservice in another app, the username/password can be either hardcoded or a constant.  Either way the password will end up sitting in the codebase unprotected.  The option of using a Microflow or xpath to retrieve a value would mean we could store it in an entity and encrypt it, improving the security of the solution.