I store my SSIS passwords in a third party password manager, along with the rest of my database related credentials for service accounts and any SQL authenticated logins.  I keep that program's data file in a place only the system admins can get to.  The only problem with deploying the package to the server is if it's scheduled in a SQL Agent job, the password you enter for the job step will be visible in plain text in the MSDB.dbo.sysjobsteps table, so make sure you restrict access here.