Plain Text passwords stored in web.config

Credentials stored in the web.config for the application should not be stored in plain text, they should be encrypted.   Passwords for SMTP and Active Directory are visible