the important parts in the config file are encrypted and secured by your password. So without your password, having the config file is useless. You can find more information in our Knowledge Base:
As ehab stated, you can specify to use an alternative location for the config file in the advanced options. Please keep in mind however, that this currently breaks compatibility with our mobile apps for Android and iOS.
It is indeed a risk if someone else would delete the config file - but keep in mind that he could also just delete the encrypted files. You can always restore the backup file by copying it to the previous location of the config file. A short example:
Encrypted folder: C:\Users\TheCount\Dropbox\BoxCryptor
Config file: C:\Users\TheCount\Dropbox\BoxCryptor\.encfs6.xml
Backup file: D:\Backups\BoxCryptor-config.xml
Copy D:\Backups\BoxCryptor-config.xml to C:\Users\TheCount\Dropbox\BoxCryptor\.encfs6.xml in order to restore it.