That was a lot of information; security administration can be complex. The key takeaways from this chapter include the following:
VSTO customization code will not run under the "out-of-the-box" security policy. Some additional policy must be applied that allows customizations to run. Choose your enterprise's security policies carefully.
The AppDomain policy level will not consider zone-based evidence for the customization assembly.
Both the customization and the document location must be fully trusted; there is no partial-trust scenario for calling the Word and Excel object models.
Strong names and publisher certificates use similar technology but solve slightly different problems. It is possible to use both forms of evidence in the same assembly.
A document that is opened from an intranet or Internet location must have additional policy to trust the document location; this policy is created using the Office Document Membership Condition.