Yes, this is probably a good thread if you are changing the source code within the module. Otherwise the only option I would recommend or suggest would be to use the 'SQL Default Value' and within that query pass it the parameter such as the $(DSParam1) token etc... The SQL would then be responsible for decrypting the data and you would have to look at function calls specifically within SQL to handle this. So option 1. modify source for module and option 2. use stored procedure/SQL to handle this.
Typically... You would want to pass a very unique value (such as a GUID or unique identifier) and have that identifier used to pull the specific data out of a database table instead of passing values around along a querystring like this. Otherwise you also run the risk of someone figuring out what the encryption/decryption methods are and being able to access that data anyway.