Recovering full source from compiled Java apps is an amazingly easy thing to do, and it shouldn't take much imagination to come up with a scenario or two where being able to quickly and easily do so would be useful to a pentester.

The tool I'm most familiar with using is freely available from here: but there are a few others such as Jad and Mocha that seem to be out of date but still popular.

I haven't had any experience with .net, but the same idea applies: decompiling IL bytecode back to C# or managed C++ or something shouldn't be any more complex than it is for Java, but a bit of quick googling hasn't turned up much.