For embedding there are other methods of integration also like HTML5 embed tags, HTML5 object tags, webservices apart from iframe. If you use iframe and if security is concern then tokenization of user and password can be done.
Regarding the other question (its not very clear), in EFWD file we maintain the dbconnection and sqlqueries. If you have any more questions we can setup a call also. For the same you can send an email to email@example.com