Regarding the Commercial Real Estate Longhorn demo, Joseph asked in email,

How can the one-click install feature possibly be secure when a one click install application is e-mail? You are allowing someone else’s code to run on your machine. What is preventing malicious code from being executed, your demo did not touch on this at all.

This demo was ambiguous about what exactly got installed when; I hedged on whether A) the base application was already installed and we were simply retrieving the updates needed to support the attached document, or B) whether the whole application was being installed from that attached document.

Option A requires that attached document use ClickOnce APIs to retrieve the required updates upon being opened.  That’s definitely possible.

Option B, at least at this point, requires that the email instead point to your application’s ClickOnce Deployment Manifest that in turn points to a Application Manifest that installs your application.   It’s still unclear whether Avalon will provide a generic document container that can deploy code based on a remote URI embedded in that document.

In either case, I’m relying on Code Access Security (CAS) to make things safe.  There’s a good overview in Steve Hiskey’s Building Secure Client Applications in Windows "Longhorn".  Jamie Cool also explains ClickOnce in Introducing ClickOnce: The New Web Based Application Deployment for Windows Forms and “Avalon”.   Though in recent conversations, the scope of the SEE (Secure Execution Environment) is still a bit unclear, you might be interested in a good discussion on the definition of the SEE.