IIS and AppPool Passwords
For local accounts, the password is not readable. But if you are using domain accounts. The IIS Admin can read your password without any third party tools, just by CMD:
appcmd list apppool "App Pool Name" /text:*
The result is like this. Your clear password will be shown under [processModel] node
This is why if possible you should not use domain accounts in IIS - Where possible you should really use local accounts