• Regarding scripts:

    "Since scripts may contain clear text passwords required to connect to the database, these should be encrypted."

    Do you mean encrypting the filesystem the script resides on? IMO that is not much different from setting appropriate access controls etc. What does encryption add?

    Furthermore, wouldn't a much better mitigation method be to use Windows authentication/SSPI to eliminate the need for passwords in scripts?