Mechanize has no idea where the values it sends come-from.   You’re right that storing passwords in plain-text form represents a potential weakness ... but if you encrypt them, well, you have to store the encryption key somewhere, too.   So, an API to KeePass would probably be the best bet here, and this will have nothing directly to do with Mechanize.