Thursday, November 03, 2005

Be careful about embedding script in server controls: it won't work, and it can very well lead to information gathering.

This is of course a very simple example. Code is not processed in this case:

<asp:HyperLink id="HyperLinkStatement" NavigateUrl="MyUrl.aspx?<%=GetSecureInformationFromEncryptedFile("c:\\somefile.txt")%>" style="Z-INDEX: 101" runat="server">Download</asp:HyperLink>

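This will not evaluate the method. Instead of the method's result, the expression text itself can end up in the page sent to the browser, where the method name and file path are readable in the page source. I always find the results interesting when searching for ASP code on the net. Because of misconfigurations or server migrations, you can view the entire source code for various sites out there.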
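A check for this pattern in .aspx source, as an added example that is not part of the original post: it reports every `<%= %>` or `<%: %>` block sitting inside an attribute of a `runat="server"` tag. The function names and the sample page are constructed for illustration (only the HyperLink line is the one shown above), and it assumes `<%# %>` data-binding blocks in server-control attributes are intended and should not be reported.

```python
import re

BLOCK = re.compile(r"<%.*?%>", re.S)   # any <% ... %> block
TAG = re.compile(r"""<([A-Za-z][\w:.]*)((?:"[^"]*"|'[^']*'|[^<>"'])*)>""")
ATTR = re.compile(r"""([\w:.-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+)""")
RENDER, OTHER = "\x01", "\x02"         # same-length fillers keep offsets aligned


def mask_blocks(markup):
    """Overwrite each block with filler so quotes inside it cannot end an attribute.
    <%= %> and <%: %> become RENDER; <%# %>, <%@ %>, <%-- --%> etc. become OTHER."""
    def fill(m):
        return (RENDER if m.group(0)[2] in "=:" else OTHER) * len(m.group(0))
    return BLOCK.sub(fill, markup)


def find_render_blocks_in_server_controls(markup):
    """Return (line, tag, control id, attribute, expression) for every render block
    found inside an attribute value of a runat="server" tag."""
    masked, findings = mask_blocks(markup), []
    for tag in TAG.finditer(masked):
        attrs = [(a.group(1), a.group(2), tag.start(2) + a.start(2))
                 for a in ATTR.finditer(tag.group(2))]
        values = {name.lower(): value.strip("\"'") for name, value, _ in attrs}
        if values.get("runat", "").lower() != "server":
            continue  # plain HTML tag: the render block is evaluated normally
        for name, value, offset in attrs:
            for run in re.finditer(RENDER + "+", value):
                start, end = offset + run.start(), offset + run.end()
                findings.append((markup.count("\n", 0, start) + 1, tag.group(1),
                                 values.get("id", "?"), name, markup[start:end]))
    return findings


# Constructed sample page; line 2 is the control from the post.
SAMPLE = r'''<%@ Page Language="C#" %>
<asp:HyperLink id="HyperLinkStatement" NavigateUrl="MyUrl.aspx?<%=GetSecureInformationFromEncryptedFile("c:\\somefile.txt")%>" style="Z-INDEX: 101" runat="server">Download</asp:HyperLink>
<asp:Label id="BoundLabel" Text='<%# Eval("Name") %>' runat="server" />
<a href="Other.aspx?v=<%= BuildVersion %>">plain HTML, no runat</a>
'''

if __name__ == "__main__":
    for line, tag, cid, attr, expr in find_render_blocks_in_server_controls(SAMPLE):
        print(f"line {line}: <{tag} id={cid}> {attr} contains unevaluated {expr}")
```

Running it over a source tree before deployment catches the markup; searching rendered responses for a literal `<%` catches cases that already shipped.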

11/3/2005 10:23:06 AM (Eastern Standard Time, UTC-05:00)