this is what we do.  an ldap user with absolutley no priveledges being being a domain user.  and then restrict access to the server, ours is linux so ssh is protected as well as physical access.

Just be careful to consider the consequences of such a feature. You would still have to generate the hash somehow, meaning the config file is no longer a fallback to get the system configured correctly (you are now forced to use a tool other than a simple text editor to configure the system).

The admin gui provides password fields complete with *'s if you don't want people spying over your shoulder

With limited resources, I don't think it's worth it for such a thin veil of protection. If the result would truey protect the password then I'd be all for it.

The main reason I think no one would develop such a solution is because the WTF factor from their peers would be overwhelming. What would you think if you reviewed some code that obfuscated a password in a text file with a reversible open source algorithm? I'd be thinking that the guy who wrote it was on crack.

Fake security is worse than no security. Someone is likely to see the password is garbled and assume it's safely encripted instead of ensuring the file has correct permissions because they know full well it contains a plain text password. How long before we see people posting snippets of thier config file containing what they assume to be some kind of harmless hash?