Ivan Medvedev has a very cool discussion of Code Access Security and making apps work in a semi-trusted environment here. (I was happy to read that it took even him a year to understand CAS, so I may not be completely stupid ... ;-)