I've never really worried too much about that because the ConnectionString is in compiled code on my web server. However, if you are really that concerned, write a small program to encrypt your ConnectionString creating a Byte array of the encrypted ConnectionString that you can paste into your web site source code. In your web site source code, decrypt the encrypted ConnectionString before passing it to the SQL Server.
There are examples in the documentation. See
TripleDESCryptoServiceProvider Class[
^]