No, users can not see your asp source code and your assumption as to why is correct.
Regarding your usernames and passwords, simply put, you need to put this data some where. Include modules aren't a bad place to put them and you can take additional steps to protect yourself. For example, encrypting your username and password and then decrypting when you go to use the data.
hth.
================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
================================================== =========
.: Wrox Technical Editor :.
Wrox Books 24 x 7
================================================== =========