Unless there's encryption and decryption involved, reading in a password any way has its risks.
If you want to call the password from a file, you could make a file called /.password (. so it's hidden, chmod 700 user = the user you want to be able to access it)
and in the script
rman target sys/$pwd
Like I said. Using this method requires that you do as much as you can to protect the file you're going to read the password from.
Hope that helps