The first point from the ActiveState doc doesn't look right to me. The process space in which an ISAPI extension is run can be changed in the admin console. Typically (by default), an ISAPI DLL will be run by an external process called dllhost.exe. It is rare (and undesirable) to have an extension running in the IIS process space. The idea is that the executable host remains between calls (giving the advantage of not having to spawn a process) but an error in the ISAPI DLL won't crash the other IIS processes as it would if it were in process.

None of this really matters from a security point of view anyway as any program can debug any one of the IIS executables (or any other executable) and examine it's memory space as long as it has adequate access. The ability to debug an application can however be removed from all users on the system by updating the user rights assignment in the Local Security Policy manager.