This is really up to you. The default setup location is under Program Files, which is protected very well against unauthorized writes. If an attacker has permissions to write in there, they probably have permissions to scan your whole disk. It's possible that your developer was referring to a really old version of FoxWeb, which used the default IIS scripts folder. Even so, I would not be concerned. To our knowledge, FoxWeb has never been used as an attack vector.
|FoxWeb Support Team
Sent by Art Bergquist on 02/26/2015 05:19:10 PM:
We're moving from a Windows 2003 Server to Windows 2008 Server; when I install FoxWeb on the new server, do I accept the default?
The reason I ask is that the previous developer who had installed FoxWeb on the Windows 2003 Server indicated that he was "concern[ed] about using default installation paths since they were hacker targets, so [he] relocated the executable to other than the default setup paths. "