Thank you so much for your help. I totally agree that Windows Authentication is the most secure way of handling the application pools.
Now, since I'm more on the SQL Developer/DBA side rather than a .NET Developer, you should forgive me if this question sounds stupid:
in your 2nd case scenario, how would the WEB Users (not Developers) connect to the SQL Server if it is set only with Windows Authentication?
Also, I would greatly appreciate it if someone would tell me how applicable an Application Role is in this case scenario.
Or is it not a related topic at all?
Any help with this issue would be greatly appreciated.