Yes, it's encrypted in the master database with the internal pwdencrypt function. It's a one-way encryption (there's no pwddecrypt function).
Note: if you have registration settings for Enterprise Manager that use standard logins (such as sa) then they are sort of encrypted but beware because they can be extracted.