Yes, but the URL is only stored inside encrypted volumes, so someone would have to gain access to the server while the encrypted volume was mounted to read the URL. The actual password is only stored on a server that is in my home that blocks access in response to a tripwire on the remote server and only serves to one IP address, over a Wireguard tunnel. The only other way I could figure out how to automate rclone with an encrypted config was using a key agent that unlocks with a password (like ssh-agent), but I found it very difficult to get working reliably and I'm not sure it offers any additional protection because someone with physical access would still be able to decrypt the config file.
With the setup as I have it, assuming I can disable the URL in time, the only way to decrypt it would be brute force, even if someone were able to crack the encrypted volume that the config file is stored on.
I'm no security expert, so I'm sure there are better ways to protect my encrypted volume keys, but this is the best solution I could come up with that works reliably.