Preventing access to code outside the sandbox

One of the security exploits listed on the web is the ability of untrusted code to call Assembly.Load(assemblyFullName) to gain access to the code in a different assembly. To address this risk, keep untrusted assemblies in a folder separate from the bin folder of the hosting application. Oracle does this in all rule execution environments.