In this scenario, the password is stored in the Connection String (link). So, as you've discovered ... when the MDB is open ... anyone can view data who may have access to the database container (window).
The one scenario that would get around this ... but requiring considerable more code and redesign ... would be to *not* link at all, but instead use the OpenDatabase Method in vba code (via DAO) for all data accessing operations, including creating Record Source's for forms, combo boxes, etc. Depending on your app, this could be a significant change.
This is the only scenario I am aware of to avoid this situation.
mx