Hi
The SEPM DB is encrypted with the password to put in under the installation or if you choose the simple inst with the admin password.
I think they are using a normal LDAP request, but are not sure. Haven't though of this until now.
You are also using a AD user if your are using your LDAP structure as groups.
But I can't imaging that they haven't this under control, if not. They should stop selling security products :-))