See below.
Peter wrote:
Using one of the secure discovery providers with authentication and input
validation. Download and deserialization permissions are granted dynamically
just after authentication, but before download.
But now you just moved trust decisions to SafeServiceRegistrar
implementation.
It is even worse than with "CodeDownloadingSmartProxyWrapper" because
SafeServiceRegistrar implementation classes are dynamically downloaded
while the CodeDownloadingSmartProxyWrapper class is local.
Thanks,
Michal