I agree that the password value should be hidden in the request's properties in Navigator as it's hidden in the other panels. I have registered an issue in the internal DB for this.
As for the fact that the password is stored in the project file as-is, it's the expected default behavior. To protect your sensitive data can either encrypt the whole project or selected properties as it's described in this article: https://support.smartbear.com/readyapi/docs/testing/best-practices/secure.html
What version of SoapUI/ReadyAPI! are you using? I'm running ReadyAPI! v2.6.0 and the password is obfuscated and has been for a while - I remember it wasn't in SoapUI v3.5 - but that was years ago!
Just to clarify, @Rama16, do you see the value of the password field?
At the moment, there is no ETA of a fix to this issue, but I'd like to assure you that the Product Team always treats security-related issues as critical and tries to fix them as soon as possible.