When deploying a website you should try to deploy the minimum amount of files required to run the site. If extra files are deployed, or deployed to the wrong place, these may leak information.
- WSDL files that are not required
- DLLS deployed outside the bin directory. On some versions of IIS (out of the box) dlls outside the bin directory can be downloaded and then easily decompiled (you can control the files that can be downloaded via IIS mime types)
- Read me or instructions
Basically get rid of the junk – if it does not serve a purpose remove it.