I have a passkey to authenticate access to a web service in the code of one of my java serlvets. How easy is it for someone to view the code for my java servlet when it is on my web server? It would pose a security risk to my entire web application if someone was able to find out my passkey. Should i try to find some way around putting this information in my servlet? Does it matter which folder on my web server I put the servlet?