Sometimes, in order to get necessary permissions, we will assign domian accounts or local accounts for IIS app pool. For example, it usually happens for SharePoint deployment. However, this is not a secure way, because the password for these accounts are saved in clear text.
For local accounts, the password is not readable. But if you are using domain accounts. The IIS Admin can read your password without any third party tools, just by CMD:
appcmd list apppool "App Pool Name" /text:*
The result is like this. Your clear password will be shown under [processModel] node. This is an example for a domain account.
So far, there's no way to avoid clear password being stored in IIS. So I suggest do not use domain account for IIS if you can.