Encrypting the shared secrets in the clients file doesn't do you any
good. You need it in cleartext to perform the MD5 authentication,
so if you encrypt it you also have to store the key somewhere on the system
(or fetch it from somewhere using some secure protocol), and if the bad
guy has root permission to read your clients file, he has those too.
The bottom line is this: If the bad guy has root permissions on your
authentication server, you lose big. So protect your RADIUS server
host by taking proper security precautions.
-- Carl Rigney
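
The following is an added example, not part of the message above or of any RADIUS server's code. It shows the two RFC 2865 MD5 constructions that need the shared secret in cleartext on the server (User-Password hiding and the Response Authenticator), and that a stored hash of the secret cannot stand in for it. Function names and all sample values are assumptions made for the illustration.

```python
import hashlib
import struct

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, request_auth):
    """Client side: RFC 2865 sec. 5.2 User-Password hiding."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, size, 16):
        # Each pad is MD5(secret + previous ciphertext block).
        prev = xor_bytes(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def recover_password(hidden, secret, request_auth):
    """Server side: needs the raw secret to rebuild the same MD5 pads."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += xor_bytes(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 sec. 3: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def demo():
    # All values below are constructed for illustration.
    secret = b"constructed-shared-secret"
    stored_hash = hashlib.sha256(secret).digest()  # a "hashed" clients entry
    request_auth = bytes(range(16))
    password = b"constructed user password"
    hidden = hide_password(password, secret, request_auth)
    return {
        "password": password,
        "with_secret": recover_password(hidden, secret, request_auth),
        "with_hash": recover_password(hidden, stored_hash, request_auth),
        "auth_secret": response_authenticator(2, 7, b"", request_auth, secret),
        "auth_hash": response_authenticator(2, 7, b"", request_auth, stored_hash),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Only the run with the cleartext secret recovers the password and yields an authenticator the client will accept, which is why the protection has to come from the host and the clients file permissions.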