A meeting with Neil, Guillaume, Nick and Tony decided that the security of the Agents could be increased by moving the password out into a separate file (i.e. out of bootstrap properties).
The reasoning behind this is that customers may want to place files like bootstrap properties into a git repo at which point the passwords become fairly public knowledge.
The Java Agent has a separate problem of where to put the key used to obfuscate the password. I would suggest this is placed in yet another file.
It was also suggested that the Agent be able to pick up passwords from the environment. Although this was deemed to be not the most secure approach, some customers may wish to persue it.