Both InfoPath and ASP.NET application as secure as you made it!
If it done wrong you got a big hole in your system with both, so there is no difference between them in that...
If you want to convince your boss that the InfoPath solution isn't secure first learn how it can be secured, than find some flaws...Be sure you can address those flaws with your ASP.NET proposal!!!
About InfoPath security...[
^]