Hi Nikos,
Yes, you are right that there's no provision for encrypting the keystore and truststore passwords. I suppose you could subclass SSLSocketBuilder and override setKeyStorePassword(). Then you wouldn't have to recreate jboss-remoting.jar.
-Ron