I came across this a while back, but lots of people aren't aware of it.

If you want to specify processmodel, impersonation or SessionStateDB credentials you (until now) had to put them in the config file as clear text, which isn't a great thing.

You can restrict the ACLS on the config file to just the account reading the file which works fine, but this is potentiall prone to error.

To resolve this pain, this hotfix (which is included inside the .NET framework 1.1) allows you to encrypt credentials in the registry.

FIX: Stronger Credentials for processModel, identity, and sessionState
http://support.microsoft.com/?id=329250