You can set a constant in your wp-config file if you do not want the password stored in the DB like this:
define('WPMS_SMTP_PASS', 'your_password_goes_here'); // SMTP authentication password, only used if WPMS_SMTP_AUTH is true
See this article:
http://www.dangtrinh.com/2015/10/smtp-emailing-for-wordpress-multisite.html