
msmtp and smtp account password - how to obfuscate

I configured msmtp with my gmail account. I obviously want to avoid writing my password in plaintext format in the config file. Luckily enough msmtp offers the option passwordeval, which can be used to obtain the password from the output of an executable.

The question is: how should I use it?

I found here the following suggestion: passwordeval gpg -d /some/path/to/.msmtp.password.gpg

That doesn't make much sense to me: if someone is able to access my config file he will certainly manage to run such a command and obtain the password from gpg.

So I believe I'm left with the only option of obfuscating the password within the binary executable even if I read almost everywhere that this is bad!

My impossible-to-hack implementation is: if the sendmail process is running output the correct pass, otherwise give a fake pass.

Your suggestions? Other (more secure) tricks different from storing the pass in the binary file?

Pie86 asked Oct 08 '13 16:10


1 Answer

From Sukima's comment:

The reason gpg -d works is because it requires the private key of the person the file is encrypted to. So just placing that encrypted file in public, it is still encrypted and only one person (the one with the secret key) can decrypt it. It is assumed that the secret key is locked up on the user's machine and not leaked. It also assumes that they have not set up any agents which cache the unlock password while a hacker has direct access to the same machine. All of which is highly unlikely in 99% of all attacks.

zkilnbqi answered Oct 05 '22 11:10
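
An added example, not part of the original question or answer: a small shell audit that reports whether each account in an msmtp config stores a literal password or uses passwordeval, and reads default-cache-ttl from a gpg-agent.conf, the agent caching the answer's assumption refers to. The function names, file names and sample contents are constructed for illustration; 600 seconds is gpg-agent's documented default.

```shell
#!/bin/sh
# Added example: audit how an msmtp config obtains its SMTP password.
# Function names and sample file contents are constructed for illustration.

# audit_msmtprc FILE
# Prints one finding per credential line (never the secret itself);
# returns 1 if any account stores a literal "password", 0 otherwise.
audit_msmtprc() {
    awk '
        $1 == "defaults" { acct = "defaults" }
        $1 == "account"  { acct = $2 }
        $1 == "password" {        # secret readable by anyone who can read the file
            printf "PLAINTEXT account=%s line=%d\n", acct, NR; bad = 1
        }
        $1 == "passwordeval" {    # secret produced by running a command
            cmd = $0; sub(/^[ \t]*passwordeval[ \t]+/, "", cmd)
            kind = (cmd ~ /gpg/) ? "GPG" : "EVAL"
            printf "%s account=%s line=%d cmd=%s\n", kind, acct, NR, cmd
        }
        END { exit bad + 0 }
    ' "$1"
}

# agent_cache_ttl FILE
# Prints the default-cache-ttl (seconds) set in a gpg-agent.conf, or 600,
# the gpg-agent default, when the option is absent.
agent_cache_ttl() {
    awk '$1 == "default-cache-ttl" { ttl = $2 }
         END { print (ttl == "" ? 600 : ttl) }' "$1"
}

# Constructed sample files so the script runs stand-alone.
demo_dir=$(mktemp -d)
cat > "$demo_dir/msmtprc" <<'EOF'
defaults
tls on
account gmail
host smtp.gmail.com
user someone@example.com
passwordeval gpg -d /some/path/to/.msmtp.password.gpg
account legacy
host smtp.example.com
password constructed-sample-secret
EOF
printf 'default-cache-ttl 60\n' > "$demo_dir/gpg-agent.conf"

audit_msmtprc "$demo_dir/msmtprc" || echo "plaintext password present"
echo "agent cache ttl: $(agent_cache_ttl "$demo_dir/gpg-agent.conf")s"
```

A GPG finding only means the config delegates to gpg; how long a decrypted key stays usable without a passphrase prompt is what the cache TTL value indicates.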