I just noticed this link in my trackback log for one of my previous post and I'd like to dispel a couple of rumors.
On the internet, you need a verified and trusted Authenticode certificate to even prompt the user for permission elevation.
That means that unless you shell out the $200 a year to get a cert and make it through the background checks you can't get more than the internet zone level of permissions for your app. If your manifest asks for more than that, the user gets a prompt saying "We can't run this app, it's not trusted." Of course, the wording is better than that but you get the idea. I've been in many meetings (not since the beginning but recently anyway) where the comparison to ActiveX has come up time and time again. Trust me, we get it by now :). Things are different in the Intranet zone so internal apps don't need to worry as much.
ClickOnce is specifically designed to prevent things like this. Of course, we'd welcome any feedback and suggestions you have about what you see in Beta1, any of the CTP's or the upcoming Beta 2. Hop over to the Product Feedback Center and let us know what you think.