dodgerz,
All our customers have put their MySQL Server access details in some or the other config file which is not difficult to view. cPanel has taken care of security of your database as it does not allow anyone to connect to the database remotely untill and unless specified in the MySQL Server section of cpanel.
Make sure that you never add % in acces host section of control panel as that must have allowed the hacker to spoin your database.
Regards,
Mark,
http://eukhost.com