I am trying to use IIS7 web server. I found out that I cannot edit (or create) files in this directory. The reason for that is that this directory has read-only permissions. I could change this permissions but I am afraid that it can make a hole in the security of my site. I mean, for example, if this directory has write-permissions that somebody from "outside" can put there some "shit". Or I should not worry about that?
It really depends who you are giving permissions to. If you give everyone write permissions to that folder, then yes anyone will be able to write anything to that folder, which is not good. Similarly if you give write permissions to the account your site runs under you are opening your self up to trouble.
If you just want to give write permissions to your user account, to allow you to write files via FTP or if you have RDP access then you should be ok. However, I would suggest you get yourself a firm understanding of how Windows permissions work before you go and change any of them.
It really depends on the other security that you have on this site. If it's IP restricted to just a few users, then there shouldn't be a problem. However, if its a public site, then I would suggest that this would be a bad idea- without further security.