Security implications not withstanding, this is legal and completely possible and I have done it myself. In addition to technologies supported by Dreamhost, I also do some stuff with Cold Fusion. My friend set me up with some space, but his CF host uses SQL Server and/or Access which didn't particularly appeal to me.
He created a datasource for me that refers to my MySQL database and host name on DH. In my CF code I invoke the datasource which connects from that server to my database on Dreamhost. It works fine, but the username and password have to be present in the connection string. The only other task was to configure the MySQL database on DH to accept connections from the remote server this code is hosted on.
While this is in code that renders server-side, and connects to a database that has non-critical data for testing, there is a possibility of someone seeing connection info if the CF page blows up. That wasn't the point of the OP's question though.