I think that the password is hidden and encrypted in one or more of the .jar files as well; and I wouldn't know how to go about changing the encrypted values (yes, untar and look into /classes/ojb-conf.jar).
Doesn't WebSphere administration interface offer a place where you can change the XMETA password, perhaps in the JDBC providers section?
I have installed xmeta only on DB2 on Windows. The authentication is OS based, so essentially we could change the password for xmeta OS user to that of db user and it will work fine. I could use that method when password expired on our test system and found the policies did not allow re-use of password.
I have been advised by a knowledgable IBM consultant to set the xmeta password to be non-expiring. If the xmeta is not accessible, then your datastage environment will not work.