It's not how secure the servlet is, through normal operation it's pretty hard to get the servlet code from the server. If your system is insecure however then they can get the class and/or source files off the server.
If you like, you could obfuscate the portion of code containing the login and password and that would make it much much harder for someone who actually did get the class to decompile it and get your db username/password.
If your database is set up properly then remote access to it by any user who does get the username/password would be denied. This however is unlikely to help since if they do get the class then chances are they have shell and possibly root on the box and can use telnet to mess with your data.
So, in a roundabout way, I'm saying that servlets are safe as long as the box is safe.
As far as obfuscating your username password in the code I once coded the username/password for database access inside of an
applet (just for kiks) and RSA encrypted it. The private and public keys were both stored on the server inside of a servlet and obfuscated by having a character array built out by several classes which contained the passkeys. Once converted back into prime numbers these keys could be used to decrypt the username/password and then connect to the database. (if you're wondering this was because each instance of the applet had a different username/password based on the client). It wasn't blazingly fast but it was about as secure as you could make the mockup.
-hope this helps: Hoopy