Because it's the nature of the beast. Anyone with Reflector (and this
isn't even required) can rebuild a dll's source code. Face it, there
is nothing you can do in ASP, or ASP.Net, that someone else can't do.
It's just not that hard to do.
There is no point to even thinking about "protecting" your source
code.
Protect your sensitive data in other places.
Incidently, that is one place where classic ASP has .Net beat: if one
creates a COM dll, it is much harder to reverse-engineer what's in
that dll. Not to say it's impossible, but the result will never be
exactly what your source contains. Not that it really matters: there
is nothing you can do with ASP that someone else can't do. You can
only protect yourself against honest people. And you know what? You
don't have to do ANYTHING to protect yourself against honest people.