>I'm fairly new to asp too and was under the impression that all the end user could see was the html. That asp would send only html back to the client from the server. Is that wrong?No, it's not wrong. The asp code is in the clear (unencrypted source code), in the server. The request is processed by asp.dll and the resulting html is sent back to the client. So you should not be able to see the code from the client. But it is kept in source code form at the server. And I heard a rumor somewhere that there are some kind of people ("hackers" they are called, right?) that like to get to these kinds of things. {bg}
So if securing your source code is a concern, then go with ASP .Net or compiled ISAPI or similar.