The change I would suggest is to start by NEVER storing passwords in layer files or mxds. This change would NOT apply to Operating System Authentication, and that setting saves as normal.
Put a password store in the local ESRI directory, such as those used by browsers. When a connection is saved with database authentication it saves the information to the local password store. Upon opening a map or adding a layer a new box will show up asking to choose from an existing user/password, or to type a new one.
This will only happen for the first layer with that instance, and all subsequent layers will use that same password/username combination if the box is checked to use for all layers, unless an authentication error occurs, such as having a layer that requires different credentials.
The authentication error immediately stops the process of drawing layers and asks for a password, so as not to lock the account.
Hitting cancel will mark all layers with that username and password as having an invalid source, and will not continue trying to lock the account.
Not checking the box to use the same username and password will prompt for a username and password on every layer for that connection.
Also add an option to change the username and password for a given layer in a right click menu.
This change would also solve the problems listed in the following Ideas:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.