Another user, Matt Kropp, supplied this information on ASP code not going over the web and some ways to prevent it:
This is a very real concern at some sites. Often times it's because of poor coding practice (placing clear-text passwords for database or file access inside of ASP code). In the past, more than one exploit has been discovered in IIS that could be used to retrieve unprocessed ASP code. Also, there is no guarantee that components used by ASP code can not be exploited to retrieve file data from a server.
To deal with these issues several people have come up with ISAPI DLLs that allow you to store your ASP files on the hard drive in encrypted format. The ISAPI DLL grabs the encrypted ASP file from disk, decrypts it in memory, and passes the results to asp.dll for final processing, the memory image is then zeroed by the OS before it is returned to the free memory pool.
While this won't stop exploits that might be discovered in asp.dll, it does limit exploits that work either directly, or through components, on the file system.