i have a windows 2003 WE server, with the asp.net stuff installed and i was wondering about security...

i want to provide space for people to use *.aspx files, are there security issues ie: can anybody make an asp.net file to delete/rename or in any way modify files on the server?

if so, any suggestion's for applying additional security?