Are you storing login and password credentials on device (Titanium.App.Properties) to prevent need of loggining each time application starts?
It depends on how your server is set up, but you can't store authentication credentials in a persistent cookie, if that's what you're asking. If you want to avoid using oAuth (not a bad call), my suggestion would be to authenticate against your server once and have your service return a token to be used on subsequent service calls. That way you don't have to store a password on the device at all.
Can I store user credentials on device once he signed in and use them on next application run to "auto sign" user and prevent showing login dialog? Is it safe (data stored on device is encrypted)? What is the way to do it without using OAuth.
You dont need to.
If you're using standard database setups, store the id of the user locally. Then when you go to the login page, if the id is set in the app properties, you dont have to login anymore, just redirect. If not, prompt them to login, then save the id.
But session is stored on the server. What if someone intercepts method of authenticating user by id?
Think you can help? Login to answer this question!