If UpdraftPlus is storing a secret access credential for you (e.g. FTP password for remote storage), then any WordPress admin will be able to obtain that password, if they are clever enough (and you don’t need to be very clever).
That can’t change – anything that WordPress can do (e.g. get an FTP password, in order to store a backup), a WordPress admin can do by using the right techniques. This is especially so with a backup plugin – if they can download an existing backup, then they can read the password (by reading the database backup file).
As such, giving people admin access is always risky – the admin basically owns the site, with complete control.
However, if you understand this and really still want to star-out your passwords in the admin section because you have not-fully-trusted admins, then it can be done. Read about how to do it here.
