The key part is using a piece of software called: msmtp (sendmail replacement). It’s a very light weight sendmail-like client, which lets you do Authenticated SMTP.
Yes — you can already see the issue here — your password is in plain text. Sadly, this is a requirement. You can chmod the file, but if you share the system with “root” users, there is no way of getting around this — at least I have not seen anything about storing the password encrypted. You will notice, Postfix with SASL passwords for IMAP relay auth suffers from the same problem.