
Concern regarding clear text password in the Web.ApplicationPool.ProcessModel


Recently we were debugging an in-house built IIS deployment tool and discovered that the Web.ApplicationPool.ProcessModel has credentials in clear text. This means it would be possible to run a tool on a remote server and discover passwords of any logins associated with application pools. I've seen many production web servers that use domain accounts where Active Directory is used.

I'd like to suggest that IIS ship with a stub DLL that, if replaced, would allow me to implement a decrypt and encrypt method so that I could overcome clear text passwords.
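
An inventory of which application pools run under a stored account credential, which are the pools the concern above applies to, can be taken from applicationHost.config without emitting any password value. This is an added example, not part of the original post; the XML sample, the account names and the function name are constructed, and a missing identityType is assumed to inherit from applicationPoolDefaults.

```powershell
# Constructed sample shaped like applicationHost.config; not from a real server.
[xml]$sample = @'
<configuration><system.applicationHost><applicationPools>
  <add name="DefaultAppPool" />
  <add name="IntranetPool">
    <processModel identityType="SpecificUser" userName="EXAMPLE\svc-intranet"
                  password="[enc:IISWASOnlyAesProvider:Q09OU1RSVUNURUQ=:enc]" />
  </add>
  <add name="LegacyPool">
    <processModel identityType="SpecificUser" userName="EXAMPLE\svc-legacy"
                  password="constructed-placeholder" />
  </add>
  <applicationPoolDefaults>
    <processModel identityType="ApplicationPoolIdentity" />
  </applicationPoolDefaults>
</applicationPools></system.applicationHost></configuration>
'@

function Get-AppPoolCredentialAudit {   # hypothetical helper name
    param([Parameter(Mandatory)][xml]$Config)
    $base = '/configuration/system.applicationHost/applicationPools'
    $defaults = $Config.SelectSingleNode("$base/applicationPoolDefaults/processModel")
    foreach ($pool in $Config.SelectNodes("$base/add")) {
        $pm = $pool.SelectSingleNode('processModel')
        $type = ''; $user = ''; $pw = ''
        if ($null -ne $pm) {
            $type = $pm.GetAttribute('identityType')
            $user = $pm.GetAttribute('userName')
            $pw   = $pm.GetAttribute('password')
        }
        # Assumption: a pool without its own identityType inherits the defaults element.
        if (-not $type -and $null -ne $defaults) { $type = $defaults.GetAttribute('identityType') }
        if (-not $type) { $type = '(schema default)' }
        # Classify how the value is stored on disk; the value itself is never output.
        $stored = if (-not $pw) { 'none' } elseif ($pw -match '^\[enc:.+:enc\]$') { 'encrypted' } else { 'cleartext' }
        [pscustomobject]@{
            Pool            = $pool.GetAttribute('name')
            IdentityType    = $type
            UserName        = $user
            PasswordStorage = $stored
        }
    }
}

# On a server, load the real file instead of the sample:
#   [xml](Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config" -Raw)
Get-AppPoolCredentialAudit -Config $sample |
    Where-Object IdentityType -eq 'SpecificUser' |
    Format-Table -AutoSize
```

With the constructed sample, the table lists IntranetPool (encrypted on disk) and LegacyPool (cleartext on disk); DefaultAppPool is filtered out because it has no stored account.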

