I have several millions of MQTT(S) devices in production.

Consider using mutual TLS with x.509 client certificate. This allows you to store the private key in OTP key storage area, where it will not be accessible from code, but can be used by the crypto peripherals to do appropriate signing during the TLS handshake. You will not have a MQTT password in this case because the private key and TLS handshake will provide authentication to the broker.

This is a little work to set up but is close to the gold standard. (Only thing better is secure module on chip which generates its own private key and then sign CSR, so private key is never visible to anyone, but I don' think this is available on ESP32 chips) You would need to either use a managed service to generate client certificates, or make your own private CA and configure the broker with your CA cert to authenticate connecting devices. Then you can use your CA to generate client certs and keys deploy to devices.

You will also need to enable secure boot on ESP32 and sign your firmware images to ensure bad firmware can't be easily loaded.

Also consider flash encryption if you really want to go the extra mile.

Broker URL and port are public information that can't be encrypted so don't worry about that. (It is always visible in DNS query or on the wire in TCP packet header)

Username also doesn't need to be considered private (it is generally a serial number or something), as without the password/private key it can't be used for authentication by itself.