You wouldnt have to worry about connections and passwords using a DSN... then have your connection string reference it..

.Net has built in configuration system, in which you could encrypt/decrypt the connection string too..

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemconfiguration.asp

I agree with your coworker and manager, having to recompile and redistribute just because of a connection string change is not optimal. BUT I dont suggest using the old API for it..

Jake