If you don't want your database connection string information hanging around in the configuration file as plain text, you can encrypt it with the aspnet_regiis utility. Here's how:
Unfortunately the utility is hard coded to modify web.config, so you'll have to rename your file first.
move MyApplication.exe.config web.config
Run the aspnet_regiis utility and tell it you want to encrypt the connectionStrings configuration section:
aspnet_regiis -pef connectionStrings . -prov DataProtectionConfigurationProvider
Restore your original filename:
move web.config MyApplication.exe.config
If you're getting a "command not found" error, you'll have to add the framework binaries to your path. The aspnet_regiis utility is usually located here:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
