I am using IIS 5.0 and I have installed AWStats and it is working wonderfully except for the fact that the resultant statistics files are viewable by everyone without authorization. I could use the standard IIS methods of blocking access but the idea of system usernames and passwords traversing the internet as plain text keeps me up at night. Is there a better way to secure these files (perhaps by adding something to the head of the html files by adding code to the config files?) without creating a potential security hole in my whole server. Any help would be greatly appreciated!

ps> I know *NIX would make my life easier but, alas, it is beyond my control THX.