All the Salesforce credentials are fully encrypted which means nothing is stored in a plain text. Data being seen by user is being decrypted on the fly using the private encryption key. Even if 3rd party would gain an access to these credentials they will be useless without private key and decryption method Shopiforce is using.