Haibo just posted an excellent article about what happens when you use reflection to get a custom attribute across trust boundaries.  The specific situation he talks about is when you have:

  1. A fully trusted assembly defining a custom attribute
  2. A partially trusted assembly containing that attribute in its metadata
  3. A fully trusted assembly reflecting over the partial trust assembly

It's another case where APTCA can bite you if you're not careful ... and in this case the behavior might be quite surprising.  Definitely worth a read.