Mysqld_exporter security issue: how to protect database password from config file .my.cnf

The database password is defined as a clear text in .my.cnf file, is there a way to hide it?
Or can we support start mysqld_exporter service with requesting username and password from an API call or command return instead of simply reading hardcoded text from the cnf file?

No, storing in text files is the safest way to configure credentials. You can use UNIX file permissions to protect the secret. There is nothing wrong with storing credentials in a file, this is standard for pretty much everything out there.