is DB password encrypted in transit while CMOD (9.5 or 10.1) is connecting to a remote oracle DB. I know the password is stored encrypted in stash file.
IBM CMOD Passwords are usually sent as salted password hashes, not cleartext. If your local Oracle client is configured to communicate with encryption enabled, then the password is also secure. Double-check your client config, and work with your network & security teams to make sure the data is encrypted in transit by examining packet captures.