Editing the server URL is not really possible, because internally this is a very complex matter and there are many possibilities for data loss because data has internally to be copied partially (only the unsynced data?) to a new calendar/address book. There are so many cases where this could result in chaos, so we probably will never add this feature. All you can do is create the second account, export unsynced data manually on the device from the first account and import it to the newly created second account. There are helper apps like ical Import/Export afaik.
Password stored as plain text in the "accounts.db" file
In the database found under “/data/system/users/0/accounts.db” the owncloud password is stored as plain text.
This means anyone with root access on the phone, probablly including closed source apps that need root, can aquire the password.
This might lead to the discussion that a rooted phone is always a risk, however it would still be nice to add an additional layer of security here.
Thanks for your suggestion, but this is intended Android design. DAVdroid uses the Android account management and password methods. Additional security would have to be implemented in this API.