There are several things that you should consider doing to secure your database, but I am not sure if you are able to make such configuration changes, and if your host provides such support. Here are some good recommendations, however:
1) After setting the password on the access database, make sure that you are prompted for a password next time you open the database, that way you know your password is in effect. Upload your database via FTP, and make sure that you can not transfer it via HTTP. The anonymous internet user should not have full privileges for accessing this file. What looks like you are missing is the username and password in your datasource. MAKE SURE TO SPECIFY YOUR PASSWORD IN YOUR DSN! This is why your site "breaks" when you set a password.
oConn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0; " & _
"Data Source=" & Server.Mappath("Cart.mdb") & ";" & "Jet OLEDB
2) The best practice is to put your database outside of the web folder so that it is not accessible via HTTP (only by FTP and your script). Make sure that your script supports access to the database via a direct path or DSN. If your website is under "yourdomain\http" put the file under "yourdomain\database". Again, this is host-dependent, so there is no way to know what your folder architecture will look like. Keeping the database outside of the web folder makes it virtually impossible for someone to access the database via the web browser.
3) If you decide to keep the database in the web folder, you can change the mappings on the .MDB file type to be handled by a scripting engine (if you have these permissions). This will effectively prevent someone from downloading the database by simply entering the URL. Instead, the database will be opened by a script processor, and garbage will be produced.
4) If you suspect your web development company has access to the file, change all your login information! If they are the ones hosting your website, change your host immediately since you feel they can't be trusted.
Don't neglect the fact that your software may have security holes in it that allow people to make changes, or that your admin section for your site has a weak password that someone figured out.
Hope this helps.