The password could be stored in encrypted format in a file. The open command would reference a variable like $pwd01 that would fetch the password from the file, decrypt it and pass it to the command line
It is not possible to securely encrypt passwords in a way that still allows for automatic use.
That true even for password format WinSCP uses in INI file. It's not really secure. It's just a kind of obfuscation.
However I just read in the documentation "For security reasons, when protocol (such as sftp://) is provided as part of session URL (possible execution from web browser/Windows Explorer), all command-like parameters that cause any automatic action are ignored, including /defaults, /log, /script and /command. "
But that's for
only. You are not doing this. You are using