Here is an article that describes how local passwords can be masked in the unattend.xml so that they can no longer be read in plain text.

However, the article is written in German. so far I haven't had time to translate it.

Maybe you can still use it.