.net - Is it safer to place a exe.config file outside IIS root path -

in web application , need use .exe.config file contains sensitive passwords.

is better place outside iis root path in order reduce threats ?

i know iis not serve config file keep hearing it's dangerous writing plain text passwords in config files... in advance advices.

we use registry storing passwords safely. can encrypt passwords machine key , store in windows registry.