In terms of security, it would be best practice to avoid, if possible, storing user credentials. MSDN status :
Applications often ask users for a username and password that are used as credentials to authenticate a user with a web service or website, but if they do this every time the application starts, users can get annoyed.
It is highly recommended that your application request for usernames and passwords every time your application needs them from the user; if you try to save the credentials, you run the risk of exposing the credentials for a malicious application if Windows Phone is lost or stolen.
In fact, in the data encryption textbook mentioned in another answer, Rob Tiffany makes a similar refusal statement :
The OS does not include a framework supporting the storage of your passwords and salts and is reliable with any built-in key management. This means the only way that your encrypted data is actually safe is never to store your password, salt value or keys on the phone.
...
If you see an application in the Windows Phone Market that allows you to cache your credentials or keys locally for convenience, keep in mind that these are not secure solutions, because all that the hacker needs is your data right there, in code or in isolated repository.
Encryption is useful for raising the panel, but it will not really protect credentials from a recognizable hacker. Usability sometimes surpasses security, but you must make this decision, knowing that in this case encryption will not solve the main problem (and, perhaps, will allow the user to find out about this risk).