I don't like having connection strings in config files, especially smart client config files. However, there are times when it is a necessity. So, the other "deal breaker" for me with NHibernate was to determine if I could create a custom connection provider that would allow me to have an encrypted connection string in the configuration, handle the decryption, then pass the appropriate information to NHibernate core.
Turns out this is a very simple endeavor. Create a class that derives from DriverConnectionProvider, and override one method from the base:
protected override string GetNamedConnectionString(System.Collections.Generic.IDictionary settings)
//do work to return an unencrypted connection string
Simple as that!