>>The problem is that connection strings can sometimes have rather personal information in them such as user names and passwords. I think it is poor design to compile that type of information into your DLLs or distribute it with your app.

The company I work for sidesteps this issue by creating generic users and changing permissions on the app.config file in directories that are inaccessible across the web.

But yep.. in your case it sounds like a problem that should be resolved.