Is it possible to set write access to the web.config file (or other files) so that assemblies can write to it? Would that be security risk?