If someone gets sufficient access to your server to read arbitrary files, it is 99.95% possible that they also have sufficient access to just read your DB username and password straight out of the Rails application's memory. (One method, among many, would be "Attach a debugger to it." For a graphic example of what is possible with debuggers, in a format slightly easier for Rails devs to understand, see: https://github.com/ileitch/hijack)