C#.net security

I have a C#.net 2008 professional version of a desktop application that I was requested to change.

The application that I am suppose to change has user names and passwords in config files that any open can open and see. The user name and password that you can see point to the sql server2008 r2 database.

Thus can you give me suggestions on what to change and how to change those items by pointing me to urls (links) that I can use as a reference?