If the data connection is saved in the library with the option "Yes, save credentials with the connection data source" selected, the credentials are embedded in the data connection.
When the data connection is exported from library, using Tools==>Library Administration==>Export, the exported file goes to "<Spotfire Server Installation Directory>\tibco\tss\<version>\tomcat\application-data\library". This exported zip file when unzipped, will have a file in it with a random id and this file will have the unencrypted data connection credentials in it. So, anyone having access to this path on Spotfire server will be able to see the unencrypted data connection credentials.