Well, for someone with Moodle adminsitrator access, it is quite hard to stop the accessing things. (For example if you had https://moodle.org/plugins/view.php?plugin=report_customsql installed, admins could read the data directly from the database.)
However, there are some things you could do:
- In your theme, add a style rule div.unmask {display: none;} That will hide the option, but it is not very secure.
- Tweak the Moode code, to change calls like $mform->addElement('passwordunmask', ...) to $mform->addElement('text', ...), and admin_setting_configpasswordunmask -> admin_setting_configtext.
Also, you could set up your SMTP server so that the username and password that Moodle uses only has the minimum number of permissions necessary. Moodle does not need the SMTP server administrator password. It only needs to be able to send emails through the SMTP server.