It is possible to encrypt specific sections of Web.config file including the <appSettings section which has the db connection string. However to do that you cannot use user.config file, so you have to maintain all the settings directly in Web.config and remove the attribute for user.config from the <appSettings file="user.config"> element
You'll need to google for information about methods to do the encryption of web.config sections, this thread on stackoverflow is a good start.
Make sure you backup your Web.config and user.config on your local machine in case anything goes wrong.
Hope that helps,