For the reasons you stated, that’s why I’m starting to prefer deploying code to the bin fully trusted for some scenarios. Since I wouldn’t deploy any code that isn’t trusted in the first place, I wouldn’t really need to worry about needing to check for security flaws.

For internet facing web applications, if you don’t use CAS would you prefer for the code to be in the GAC and made available to all web apps or put into the bin and scoped to the web app? Also, chiming off that Stack Overflow link you posted, if you utilize SharePoint security best practices, the app pool account really wouldn’t have any worthwhile permission sets to do anything with the OS right?

Basically, if you trust the code enough to deploy to the GAC, why wouldn’t you want to deploy to the BIN with the same trust level? That way, we can at least prevent other web apps from running that code.

So now you don’t just need to check for security flaws in your code, but flaws in every piece of custom code deployed to that web application!

Then what if someone in a few months time decides its a good idea to put the web application on the Internet? Now your server is wide open for attack.

You’re right that CAS policies are difficult and often the only solution is to deploy to the GAC. But at least you are fully trusting code you know about, because you wrote it.

More info on Stack Overflow: http://stackoverflow.com/questions/461650/asp-net-trust-level-full