da http://blogs.msdn.com/tims/archive/2005/09/21/472659.aspx:
"actually, we've spent the last six months building a secure partial trust sandbox for in-browser applications"