Microsoft has chimed in on the questions about ClickOnce security raised by Dominick Baier and basically is asserting that this is a non-issue.
I am not buying. I think that using the excuse that older technologies do something a certain way undermines the principle of secure by default.
What do you think?