The password isn’t stored at all, if you just type it at the command line (though it can be stored in the bash history). It is stored in memory and visible when using tools like top. You need SSH access to the MBL for that though. If you use the configuration file, it is stored in plain text. Also then you need SSH access to the MBL in order to access this file.
However, depending on your DDNS provider, the DNS update request itself can be sent over the internet in plain text (see for example http://www.noip.com/integrate/request ), so anyone could intercept that request and extract the password. Your MBL is then the least of a problem, in my opinion.
Cheers