Firstly, assess the risk associated with someone retrieving the credentials, particularly in terms of:
1. How likely it is.
2. What damage would be caused by someone using those credentials.
3. How quickly you can respond to the compromise in terms of securing the resource the credentials are used to access and in terms of distributing a fix.
I would almost certainly suggest there should at least be some obfuscation as the credentials are probably very easily accessible of they are just text constants. As for obfuscating the text, I would suggest some kind of symmetric algorithm (not neccessarily encryption with a key) and then put some anti debugging code in place. There are some good chapters in
this book[
^] that mnight be worth looking at.
If the impact and likelihood of a compromise is significant, then you may need to think about something a bit more secure and abandon hard coded credentials.