Encrypt That ViewState!
Something that is probably over looked from time to time unless you are just always that secure is encrypting your ViewState. While SSL may prevent some things you will may want to make it a bit harder for an end user to see the information stored in ViewState.
Luckily this is very simple. You can set it in the @Page directive (<%@ Page Language=”C#” ViewStateEncryptionMode=”Always” %>) or in the web.config file (<pages viewStateEncryptionMode=”Always” />).
Of course, like many things .NET there are many ways to do this depending on your specific situation. For that amount of detail you should read the ViewState Overview.