The Mask Passwords Plugin helps masking the password in Jenkins' GUI.

Unfortunately the passwords are already stored clear text on disk.

They should not be stored. Storing them symmetrically encrypted is not necessary too, I think, as they are/should only used one time.