Having the ability to "mask" passwords in configuration is on the 7.1 schedule. However, I just want to add that have seen very few people use this feature in a way that has better security than not masking your passwords. If you do not require human interaction on boot (typing in a password, providing a removable key device etc), then these passwords are trivially reversible. You can also have tighter file perms on the keystore, but you can accomplish the same thing by using good file perms on standalone/domain.xml.