Much safer to impersonate. Take a look at http://msdn2.microsoft.com/en-us/library/ms998283.aspx that shows how to use the Aspnet_regiis.exe tool to encrypt sections of your configuration files.