The real issue which exists here is, InfoPath xsn file is a combination of XML files with is finally nothing but somthing that is very readable, so even if you create a secured database, and in the connection string you provide the user name & password; its stored in the XML file...!!! fully readable ..so please dont do it.. unless you really want to expose your username & password.
The only(easier) possible workaround(yes; workaround !) is to use a webservice which runs in the context of a specific user, give the permissions to this user on your database and then you can create a InfoPath form with accesses the webservice ...but the point is . xsn file will still reveal the server name where the webservice is situated..so its upto you if you dont mind you can go ahead & do it..
The other way is use the .NET code behind use ADO.NET to access the data and updata the xml nodes in Infopath programmatically..its offcourse secure ..but you have to give full trust to the IP form in order to allow it to execute....moreover...if you need to do all this just make sure you really need InfoPath 🙂 may be the tool that you really need is ASP.NET have a look at http://msdn.microsoft.com/library/en-us/odc_ip2003_ta/html/odc_IPInfoPathDecisionTree02.gif if you are confussed . also have a look at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dno2k3ta/html/Office2003OverviewDeveloperTechnologies.asp