well, you can give the file some obscure name, but then anybody who is on the curious side (like myself) will find it..... you can encrypt it, using a control like the blowfish control, or you can make your own cipher.... but any time the password file is accessible it's subject to being cracked (brute force attacks at the very least).
If you can make sure that there is an internet connection on the machines that this CD will be used on, then it's easy enough to make it retrieve the username/password info from a server (which also gives you the power to change the username and password, if you have access to a server). Let me know if I can help.... or if you meant something else altogether.
Search google for vb6 control blowfish, which is an excellent encryption method. You can use the control to encrypt the files before you burn the disc, and then at runtime, simply have the control decrypt the file to a temp location on the hard-drive (since you probably will have finalized the CD). Then read it normally, and delete it when you are done.