That’s just security by obscurity. And In case of a popular software an attacker would know where to find the required key. That’s only an additional 2 seconds for an attacker.
I’ll try to explain the problem. Let’s say you want your Home Assistant to connect to some cloud service. Let’s say your e-mail account to send e-mails. To do this, Home Assistant has to pretend to be you. Hence it requires the username and password required to login into your e-mail account. In plaintext, because your e-mail provider wouldn’t recognize the encrypted password. And if it would, the encrypted password would just be as insecure as the plaintext variant because both could be used to login.
So the obvious solution would be to encrypt the password with a predefined key. Home Assistant would need to know that key to be able to decrypt the password. And where does it know the key from? From it’s own configuration. The same configuration an attacker with filesystem access already is able to read. So if this would be implemented, the attacker would just have to lookup the key and use it to decrypt the password.
There is one solution though you might not be aware of: keyring. With this your secrets are saved within the keyring (encrypted). The password required to access the keyring then has to be entered as soon as the Home Assistant service starts. So the downside of this solution is, that such a system won’t come back online if the system crashes / reboots as long as you don’t enter the password required for keyring access.