Both Snoop (WPF) and Silverlight Spy (Silverlight, obviously) allow you to connect to running processes and see what's going on inside them. Very powerful tools.
With Silverlight Spy, you can see the contents of any Silverlight app... and reflect against them. The temptation with Silverlight is to put more code in the stateful .NET client, but the consequence is that your code is essentially available to the world. This also applies to any keys, passwords, etc that may be stored within your code.
Time-sensitive encrypt keys from the server may be worth investigating as a means of protecting your secrets.
Really, it drives home the point that you need to be cognizant of where you store your secrets. In addition, you simply shouldn't trust anything coming from the client. Other strategies include routing all traffic through your secure server, rather than allowing direct access to web services. Treat your production Silverlight apps like any public-facing web site -- expect attacks, expect people to hammer at it and try to destroy it.