Securing WPF when running in the browser
Karen Corby has written a great article about hosting Windows Presentation Foundation in the browser. At the end of the article, are some really great little nuggets about security considerations and capabilities when running WPF in a 'sandbox'. She's also listed some good cross references to Security Whitepapers in Vista.
The Windows Presentation Foundation Security whitepaper also talks about this sandboxing and marking your APTCA assemblies with the new [SECURITYCRITICAL] attribute.