Has anyone thought about putting them in database fields? Encryption is an option for instance in MS SQL.

Good discussion. I never consider this to be issue. You've got me thinking now.