At this moment all saved database connections are available as soon as you open FME workspace. So once someone is able to enter your device, he is also able to enter all databases you ever entered as a database connection.
It is possible to use embedded connections without saving the password as an bad alternative, but this is no practical workaround since you'd have to enter the password on every run. Besides that it requires a lot of extra maintenance upon changing database credentials.
Another alternative would be to add a password to your fme workspace, but this only works for existing workspaces, while database connections also can be used in a new FME workspace.
My suggestion/idea is to add a master password for all databaseconnections which has to be entered once every time a database connection is used for the first time within a session. You can compare it to a master password like Bitwarden, Keepass or any other key vault uses.
I think without this master password on the database connections, FME currently contains a big security vulnerability. So hopefully this feature can be added soon!
