My company makes an IIS-based web application that runs on Windows Server 2003. A person at my company is convinced that "nobody should ever install a web application onto the C drive, for security reasons". Therefore, we insist that all our customers create a "D" partition and install the webapp onto that partition.
This notion seems bizarre to me, mainly because, of the thousands of web-security articles I've read, nothing like this has ever been mentioned. And I have installed many web apps from other companies, and they all install to C by default, and none of them recommend to "not install to c".
I am looking for info about this, "for" or "against", backed up by specifics, online articles, and anything else reputable.