http://www.perlmonks.org?node_id=900300


in reply to Re^4: From string with variable Address to actual referencing that address? (core crypting problem)
in thread From string with variable Address to actual referencing that address? (core crypting problem)

Either way you look at it, if a script has access to the database then anyone with physical access to that script will be able to access the database directly if they unravel whatever obfuscation scheme you come up with. Basically: If the script can do it, so can anyone else.

The proper solution, IMHO, is to create a database user with restricted access; the DBA password is for the DBA only. In real life, this may of course be anything from trivial to impossible depending on exactly what the script is supposed to do and how the data is organized. The key issue here is exactly how much access do you need?

This is for the script programmer to figure out and the DBA to set up. Either start with everything and then tighten it down until things break, or (better but more painful) start with nothing and then grant every bit of access you need as you proceed.

Security through obscurity doesn't work and policy makers must be made aware.

-- Time flies when you don't know what you're doing
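
The "start with nothing and grant as you proceed" approach from the post above, as an added example that is not part of the original reply. It assumes PostgreSQL and a session run by the DBA while connected to the database; the database `appdb`, the tables `orders` and `audit_log`, and the role `report_script` are hypothetical names.

```sql
-- Assumed setup (hypothetical): PostgreSQL, DBA session connected to "appdb".
CREATE TABLE orders (
    id          bigint PRIMARY KEY,
    customer_id bigint NOT NULL,
    card_number text,               -- sensitive: the script must never read this
    total       numeric(10,2),
    created_at  timestamptz DEFAULT now()
);
CREATE TABLE audit_log (
    event       text NOT NULL,
    created_at  timestamptz DEFAULT now()
);

-- 1. A dedicated login for the script; it never uses the DBA account.
CREATE ROLE report_script LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE
    PASSWORD 'REPLACE_ME';          -- placeholder, supply from a secret store

-- 2. Start with nothing: drop what every role inherits through PUBLIC.
--    Other roles that relied on these defaults need explicit grants afterwards.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;

-- 3. Grant back only what the script has been shown to need.
GRANT CONNECT ON DATABASE appdb TO report_script;
GRANT USAGE   ON SCHEMA public  TO report_script;
-- Column-level read: card_number is deliberately left out.
GRANT SELECT (id, customer_id, total, created_at) ON orders TO report_script;
-- Write-only logging: the script can add audit rows but not read or alter them.
GRANT INSERT (event, created_at) ON audit_log TO report_script;

-- 4. Ask the server what the role can actually do before shipping the script.
SELECT
    has_column_privilege('report_script', 'orders', 'total',       'SELECT') AS can_read_total,
    has_column_privilege('report_script', 'orders', 'card_number', 'SELECT') AS can_read_card_number,
    has_table_privilege ('report_script', 'orders',    'DELETE')             AS can_delete_orders,
    has_table_privilege ('report_script', 'audit_log', 'SELECT')             AS can_read_audit_log,
    has_table_privilege ('report_script', 'audit_log', 'INSERT')             AS can_insert_audit_log;
```

When the script later fails with a permission error, that error names the next grant to consider adding in step 3.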