This issue applies to the security restrictions for assemblies that are uploaded and executed.
Raised by: John Lambert - http://forums.microsoft.com/MSDN/showpost.aspx?postid=1542164&siteid=1
"This isn't a good idea in general: ...it's a security issue to execute code from third-parties: imagine if the constructor calls File.Delete("C:\boot.ini")."
Run code under user provided credentials.
Require that all assemblies be signed by key provided on request to specific users.