Although the v1.0 and v1.1 versions of CasPol provided a switch to disable the CLR's security system, running with CAS enforcement turned off was, for obvious reasons, never a scenario that we encouraged. The choice to disable security was a system-wide switch that affected any managed application on any version of the runtime, and made running managed code incredibly unsafe.
As of Whidbey, you'll find that the switch to turn security off no longer works as it used to. If you run caspol -s off with beta 2 or later of Whidbey installed, you'll see:
Security will then be disabled as long as the CasPol process remains active. When CasPol is terminated, it returns security to the on state. Even abruptly terminating the CasPol process will still return security to its on state.
This works because the implementation of the internal security off flag has changed. Instead of using a registry key to indicate the status of CLR security, we now use a named mutex which CasPol holds to indicate to the CLR that it should disable security. Examining the handles held by the CasPol process in a debugger will enable you to quickly identify this mutex:
Since security is being disabled by this mutex, the CasPol process is resilient to being terminated unexpectedly, because Windows will just clean up the handle for CasPol when cleaning up the process. Another side effect is that if the machine is rebooted, the security state will revert to on.
If we fire up the kernel debugger, we can take a look at the ACL of the mutex:
That shows that the mutex is created with an ACL that prevents anyone who isn't an administrator from owning it. And although Windows does not provide a way to prevent non-administrators from creating this mutex, internally the CLR will not respect the existence of the named mutex if it is abandoned or not owned by the BUILTIN\Administrators group. This prevents a squatting attack where a malicious user could turn off security simply by creating this mutex himself.
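As an added illustration (not the CLR's internal code and not code from the original post), here is one way a process could apply the same two checks, owner and abandonment, to a named mutex before trusting it, in C# for the .NET Framework. The mutex name is a hypothetical placeholder because the page does not give the real one, and `IsFlagTrustworthy` is an illustrative helper name.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Threading;

static class NamedMutexTrustCheck
{
    // Hypothetical placeholder: the real mutex name is not given on this page.
    const string MutexName = @"Global\EXAMPLE_SECURITY_OFF_FLAG";

    // True only if the mutex exists, its security descriptor names
    // BUILTIN\Administrators as owner, and a live thread currently holds it.
    static bool IsFlagTrustworthy(string name)
    {
        Mutex m;
        try
        {
            m = Mutex.OpenExisting(name, MutexRights.Synchronize |
                MutexRights.ReadPermissions | MutexRights.Modify);
        }
        catch (WaitHandleCannotBeOpenedException) { return false; } // no such mutex
        catch (UnauthorizedAccessException) { return false; }       // cannot inspect it: do not trust

        using (m)
        {
            // A mutex created by a non-administrator carries that user's SID as owner.
            SecurityIdentifier admins =
                new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
            SecurityIdentifier owner = (SecurityIdentifier)
                m.GetAccessControl().GetOwner(typeof(SecurityIdentifier));
            if (owner == null || !owner.Equals(admins)) return false;

            try
            {
                if (m.WaitOne(0, false)) // acquired: nobody was holding it
                {
                    m.ReleaseMutex();
                    return false;
                }
                return true; // timed out: held by a live owner
            }
            catch (AbandonedMutexException) // holder exited without releasing
            {
                m.ReleaseMutex(); // the wait still acquired it, so release
                return false;
            }
        }
    }

    static void Main() { Console.WriteLine(IsFlagTrustworthy(MutexName)); }
}
```

The caller needs the Synchronize, ReadPermissions and Modify rights on the object, so a principal that the ACL locks out gets `false` rather than an exception.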
One of the more interesting effects of disabling security with this mutex is that the v2.0 CLR will no longer respect the registry key used by older versions of the runtime, and those older versions will not have their security disabled by the new CasPol switch.
Although there still is the ability to turn off security, the ability to turn it off permanently has been removed. The new switch is useful mostly for debugging purposes, to establish if a problem you're diagnosing is related to the security system or not. The recommendation is still to avoid using this mechanism if at all possible.