We wouldn't be in backup business for long if we stored anything in plain text :)
Upon entering encryption key it is actually immediately encrypted, obfuscated and only then sent to the machine via secure connection.
You can't really extract the password from the config file in any way.

So, I'm guessing that the passphrase is taken through a PBKDF or some other cryptographic process to generate a key from the passphrase?

That's correct. Here is a link to a doc that talks about the process in more detail. Excerpted:

When the user enters an encryption password into CloudBerry, this password is stored in the settings file using AES encryption. When uploading, CloudBerry reads the encryption password from the settings file and generates an encryption key. To generate the encryption key, we use the PBKDF2 key derivation function (RFC 2898). The encryption key is salted and run through many iterations to further slow-down brute force attacks. The encryption algorithm runs in Cipher Block Chaining (CBC) mode to further protect the encrypted files. Furthermore, we use PKCS #7 (Cryptographic Message Syntax) padding. A cryptographic Random Number Generator (RNG) is used to generate the initialization vector (IV). Encryption is performed in real-time during backups. — D

CloudBerry Lab Security Whitepapers:
- Download CloudBerry Lab Security Design and Implementation
https://www.cloudberrylab.com/company/media/downloads.aspx
Direct Link: https://www.cloudberrylab.com/download/CloudBerry%20Lab%20Security%20Considerations.pdf

Thanks for the link, that's very helpful!

From this documentation, since CloudBerry controls (it has to, in fact) the AES key used to encrypt the password, it means that CloudBerry has the capability of recovering the encryption passphrase, and, thus, the encryption key. Is this correct?

Correct, but that can only happen if you consciously send us the original config file of the plan from your HDD. Even when sending diagnostic info using automated procedure the password string is modified so that it can't be recovered by anything. It becomes just "*" symbols.

Ok. I'll just recap to make sure I got everything right.

The password is stored encrypted in the client configuration file, is decrypted at plan execution time by fetching the AES key from CloudBerry's servers. The key is used locally to encrypt the data that needs to be uploaded during that backup plan's execution.

Is the password stored in its encrypted form in the Remote Deploy pane of the Management Console, or is it elided from the configuration file completely?