Some additional thoughts:
Due to the nature of files being fully encrypted it makes recovery of the data pretty much impossible. What I often recommend is you simply manually encrypt those fields you feel are critical such as a credit card number, SIN, or similar. You can use the the built in HSH function to accomplish this:
Val$=CVS( HSH(PASSWORD CreditCard$ WITH "aes-256-ofb",KEY=ATH(HSH(password$,-2))),"ASCII:BASE64")
This will take the value in "CreditCard$" and encrypt using the aes-256-ofb algorithm based on the SHA-256 of the password you chose. In order to be able to store this on a file in printable format we finally use BASE64 conversion on the value.
You can Extract it using:
x$ = CVS(val$,"BASE64:ASCII")
CreditCard$ = HSH(EXTRACT x$ WITH "aes-256-ofb",KEY=ATH(HSH(password$,-2)))
Now as for hiding the password, one simple technique is put the password in a system environment variable. You can then reference it using:
password$ = ENV("OurPassword")
If someone takes the programs they don't have the password, so really they need the environment to get the password. If running NTHost, or Simple CS, you only need to set this in the base launching process and it will be carried through all spawned tasks. As long as you keep them from getting to command mode in the language they can't print the ENV value on any other session.
You could even make the password come from multiple sources -- simply append other data to the password prior passing it to the HSH(..., -2) function.
Since just some of the fields are encrypted the file can be recovered if needed and if someone does get hold of the data file, the encrypted data is pretty much useless.