It is not possible to securely encrypt passwords in a way that still allows for automatic use. Even the passwords stored in a site can be retrieved. They are not encrypted, they are only obfuscated. If WinSCP can retrieve them, anyone can.

See https://winscp.net/eng/docs/guide_protecting_credentials_for_automation

If I generate the Full URL it includes the password in clear text. I don't really want to store that in a command file. Is there a more secure way to accomplish this?

Your script uses /ini=nul switch, what makes it ignore any global configuration. That's actually the recommended approach:
https://winscp.net/eng/docs/scripting#configuration

But that means that you cannot use a stored site.

Either replace the stored site name in the open command with a full URL. WinSCP GUI can generate it for you:
https://winscp.net/eng/docs/ui_generateurl#script
(recommended)

Or remove the /ini=nul switch (not recommended).

I have a saved login that also has the password saved and the port set to 8022. I can go into WinScp manually and log into the SFTP site without issue. However when I try to automate the process and use the command open FTPDICTATIONS@mcf-upgw1 I get log entries showing it is using port 22.