Storing a password for use with a WordPress plugin

If you store the password in the PHP, it will be accessible to anyone who has the PHP (i.e. anyone who has the plugin). If you store it in the database, it will be accessible to anyone who has direct access to the database (i.e. anyone who installs the plugin and knows how to use phpMyAdmin).

However, to store a simple password for a plugin, I’d use a WordPress option. This allows you to easily retrieve the password with code and makes things very flexible. It also allows you to let the user change the stored password if necessary.

```php
// Retrieving the password
$smtp_password = get_option( 'my_smtp_password' );

// Setting the password
update_option( 'my_smtp_password', $new_smtp_password );
```

Just don’t use your regular email password for this. I recommend you set up a dedicated email account for your site to send messages through and keep both the name and password separate from anything you use personally.
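As an added example (not part of the original answer), the sketch below shows where the option would be written and read in a plugin: a save handler that restricts changes to administrators and checks a nonce, and a `phpmailer_init` hook that hands the stored password to WordPress's mailer. Only the option name `my_smtp_password` comes from the answer; the action name, nonce name, form field, SMTP host and mailbox are hypothetical placeholders.

```php
<?php
// Added example. 'my_smtp_password' is the option from the answer above;
// the action, nonce, field, host and mailbox names are hypothetical.

// Handles a settings form posted to admin-post.php with
// action=my_plugin_save_smtp and a nonce field named my_plugin_nonce.
add_action( 'admin_post_my_plugin_save_smtp', function () {
    // Only administrators may change the stored credential.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }
    // Reject forged cross-site requests.
    check_admin_referer( 'my_plugin_save_smtp', 'my_plugin_nonce' );

    // Do not run sanitize_text_field() on a password: it can strip
    // characters. Only undo the slashes WordPress adds to $_POST.
    $new = '';
    if ( isset( $_POST['my_smtp_password'] ) && is_string( $_POST['my_smtp_password'] ) ) {
        $new = wp_unslash( $_POST['my_smtp_password'] );
    }

    // A blank field keeps the current password, so the form never has
    // to echo the stored value back into the page.
    if ( '' !== $new ) {
        // Third argument false: do not autoload the secret on every request.
        update_option( 'my_smtp_password', $new, false );
    }

    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
} );

// Read the password only at the moment mail is actually sent.
add_action( 'phpmailer_init', function ( $phpmailer ) {
    $password = get_option( 'my_smtp_password', '' );
    if ( '' === $password ) {
        return; // Nothing stored yet: leave the default mailer untouched.
    }
    $phpmailer->isSMTP();
    $phpmailer->Host       = 'smtp.example.com';        // placeholder host
    $phpmailer->Port       = 587;
    $phpmailer->SMTPSecure = 'tls';                     // STARTTLS
    $phpmailer->SMTPAuth   = true;
    $phpmailer->Username   = 'site-mailer@example.com'; // dedicated mailbox
    $phpmailer->Password   = $password;
} );
```

The option is still stored in plain text in the `wp_options` table, so anyone with direct database access can read it, exactly as the answer describes.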