Executable code and supporting data that doesn't change often, along with software and data that has an operational impact when inadvertently or maliciously altered, should be stored on media that is read-only or volatile (reverts to a known stable image on reboot). We place a lot of faith in operating systems to enforce user privileges, and it is possible to mount storage partitions and volumes as read-only, but these protections are far too easily overridden. The data on a "secure" server can be altered from a console by booting from a Linux or DOS CD or a USB flash or external hard drive. In clusters and farms with fail-over and load balancing, access to the console of any one server can compromise secure data shared by the entire enterprise.
