Yes the workaround might work to put encrypted password in the file. But i think ultimately it will get decypted in the org.jboss.resource.connectionmanager.ManagedConnectionFactoryDeployment class and gets logged.
2012-04-03 15:11:50,341 DEBUG [org.jboss.resource.connectionmanager.ManagedConnectionFactoryDeployment] [ | main] setting property: XADataSourceProperties to value URL=jdbc:mysql://xxxxx.ca.com:3306/DB |
User=root
Password=root