The default behaviour of SQL Server Management Studio is to allow a user with a valid logon to see the list of databases. Here is a post on how to change this behaviour.

I've received a few questions on modifying the trust config to allow .net applications to call web services in a 'medium trust' shared environment. A detailed explanation on how to do this can be found here.