Before starting here, go check out these awesome posts by Abhinaba:
WP7 programming model
NETCF 3.7 Architecture overview
Now that you know the basics, on to business. WP7 allows you to develop two types of apps: out-of-browser Silverlight apps and XNA games (let’s call them WP7 apps for brevity). Both SL and XNA implement their own rendering engines and use NETCF 3.7 to run any code in the managed sandbox. NETCF also provides the common BCL (base class library) used by all WP7 apps.
The NETCF 3.7 runtime and BCL are implemented to be at parity with Silverlight 3.0. There are a few instances where NETCF breaks this parity (more on this later), but we try to keep this rift to a minimum.
WP7 apps run inside a managed sandbox which implements the Silverlight (CoreCLR) security model. We basically divide all managed code into three layers (based on custom attribute annotations):
| Managed layer | Code annotated with | Role | Accessibility |
| --- | --- | --- | --- |
| SecurityCritical | System.Security.SecurityCritical | Fully trusted code. Can do pointer arithmetic and P/Invoke. | Can only be accessed by SafeCritical layer. |
| SafeCritical | System.Security.SecuritySafeCritical | Acts as a bridge between Transparent and Critical code. | Can be accessed by all layers. |
| Transparent | System.Security.SecurityTransparent or UnAnnotated | Can call into SafeCritical code. | All user application code is Transparent; any annotation on user code is ignored by the runtime. |
Note that only Microsoft assemblies are allowed to have these annotations and hence only they can directly access any native code.
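The layering described above, sketched as an added example (not code from the original post or from NETCF itself): a Critical routine doing pointer arithmetic, a SafeCritical bridge that validates arguments before calling it, and a Transparent caller. The names RawMemory, BufferApi and App are hypothetical, and the annotations only take effect in a platform assembly, since the runtime ignores them on user code.

```csharp
using System;
using System.Security;

// Hypothetical platform (Microsoft-signed) assembly. All type and method
// names here are invented for illustration.
internal static class RawMemory
{
    // Critical layer: raw pointer arithmetic, no validation of its own.
    // Only SafeCritical (or other Critical) code may call this.
    [SecurityCritical]
    internal static unsafe void Fill(byte* dst, int count, byte value)
    {
        for (int i = 0; i < count; i++)
            *(dst + i) = value;
    }
}

public static class BufferApi
{
    // SafeCritical layer: the bridge. Callable from any layer, so it must
    // validate every argument before handing control to Critical code.
    [SecuritySafeCritical]
    public static unsafe void Fill(byte[] buffer, int offset, int count, byte value)
    {
        if (buffer == null) throw new ArgumentNullException("buffer");
        if (offset < 0 || count < 0 || count > buffer.Length - offset)
            throw new ArgumentOutOfRangeException("count");
        if (count == 0) return;   // avoid &buffer[offset] on an empty range
        fixed (byte* p = &buffer[offset])
            RawMemory.Fill(p, count, value);
    }
}

// Application code: Transparent, whatever attributes it carries.
public static class App
{
    public static void Main()
    {
        byte[] data = new byte[16];
        BufferApi.Fill(data, 4, 8, 0xFF);          // Transparent -> SafeCritical: allowed
        Console.WriteLine(BitConverter.ToString(data));
        try { BufferApi.Fill(data, 12, 8, 0xFF); } // out-of-range request stops at the bridge
        catch (ArgumentOutOfRangeException) { Console.WriteLine("rejected"); }
        // A direct call to RawMemory.Fill from this layer is what the
        // sandbox forbids: Transparent code may not invoke Critical code.
    }
}
```

Because the SafeCritical method is reachable from every layer, its argument checks are the only thing standing between application input and the unchecked pointer write.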
What does this mean for existing NETCF developers?
Further reading:
[1] Security In Silverlight 2
[2] The Silverlight Security Model
[3] Silverlight Security II: What Makes a Method Critical
[4] Silverlight Security III: Inheritance