I didn't try what you did, but are you sure the password in these files are not going to be encrypted the first time they are used?
Like what happen with boot.properties where you enter Weblogic admin user and password and the first time Weblogic start and use the file will encrypt both the user and the password.
I was hoping that would be the case originally but it doesn't work that way. I'm not thrilled to leave it unencrypted, however if it's read-only for the super-user and it is only the schema user not the weblogic admin -- I may have to live with it until I get more answers from Oracle. Thank you.