SSL and Anonymous Authentication

I want to use Anonymous authentication to a website served by IIS 6.0 and
Windows 2003 that is the front end for a database on a separate computer
that requires user logon to access the data. I also want to use SSL to
encrypt the return of the data from the browser to the anonymous user. It
seems that I must turn on sub-authentication to authenticate the anonymous
user on the website in order to continue beyond logging into the database.
Is this true? The problem with sub-authentication seems to be that the
anonymous user has to run under the local system account which could be a
security hole. Is there a way around this?