Let’s say your application uses a web service “www.example.com” and authenticates with the password, “letmein”. Compile the program and examine it with strings, objdump, or whatever:

$ make
$ objdump -j .rodota -s program
a.out:     file format elf64-x86-64

Contents of section .rodata:
 4005f8 01000200 7777772e 6578616d 706c652e  ....www.example.
 400608 636f6d00 6c65746d 65696e00           com.letmein.  

$ strings program
/lib64/ld-linux-x86-64.so.2
__gmon_start__
...
www.example.com
letmein

This is pretty easy. If you obfuscate it, you still need to put the plain text somewhere in memory before you can use it, so instead the attacker does one of the following:

• Intercepts network packets (easy, takes 5 minutes with basic knowledge Wireshark)
• Uses a debugger (easy, takes 10 minutes with basic knowledge of GDB)
• Reverse engineers your source code (hard, takes hours or days)

Note that the obfuscation tools make it harder only for attackers that are already doing it the hard way. What’s the sense in that? All you’ve done is make it take 15 minutes instead of say, 5 minutes for an attacker to get the password from your executable. Since that’s pretty much the best you can do, don’t work too hard on it. Just XOR the password with some easy pattern and hope that the attackers are very lazy or stupid.

C-3PO: Master Luke, sir. Pardon me for asking, but what should R2 and I do if we’re discovered here?
Luke: Lock the door.
Han Solo: And hope they don’t have blasters.
C-3PO: That isn’t very reassuring.

(You will probably end up spending more time on this than your attacker will.)

On the other hand: If you are trying to prevent non-root users from accessing the password on a trusted system, you can do that with permissions & setuid binaries.

Footnote: The purpose of obfuscators in general is to hide program code, not data. For example, if your application uses an algorithm that is a trade secret, that is when you would want to use an obfuscator.