I totally agree. Claim you've got the securest site and sooner or later you'll undoubtedly get hackers surfing into your data and/or code.

In what concerns to ASP keep in mind that it consists on a DLL (asp.dll) which runs on a server process (IIS, the web server) and catches every request to some specific page extensions (.asp in case of asp.dll), processes the script found in the page and returns the result -expected to be in pure HTML format- to IIS and then to the browser at the client PC. To get your source ASP script code a hacker would need to enter your server and get into the folders where your .asp files are.