IIS and AppPool Passwords

For local accounts, the password is not readable. But if you are using domain accounts. The IIS Admin can read your password without any third party tools, just by CMD:

appcmd list apppool "App Pool Name" /text:*

The result is like this. Your clear password will be shown under [processModel] node

This is why if possible you should not use domain accounts in IIS - Where possible you should really use local accounts