Passwords must be accessible in plain text, because there is no control over the various sources. If necessary, the password must be sent in plain text.
However, this is no excuse for storing them in plain text in the configuration.
CRYPT_KEY=2+oHyXHtwC6uxkliy4/ebM5aITT4eF9L2+Sf4YyIVUU=\n%
#-------------------
LOCAL_1_PATH=/local-data
LOCAL_1_NAME=local
LOCAL_1_DAV=true
LOCAL_1_DAV_AUTH=1thorsten:webdav
#-------------------
LOCAL_1_PATH=/local-data
LOCAL_1_NAME=local
LOCAL_1_DAV=true
LOCAL_1_DAV_AUTH=1thorsten:{crypt:vaGcnaDY3T7YsFW9IQDKKIppJms68JVJ84ccg9c}