Elevating CAS permissions
Every elevated permission is a potential security hole. Untrusted code can use it to do something it cannot do directly (for example, by calling the .NET library directly). Ideally, there should be no permission elevations at all. However, developers may need access to restricted resources, such as config files, registry values, and calls using reflection. Access to restricted resources requires elevated permissions.
For more information, see: