All Win Forms base classes are secured with Code Access Security. Controls that derive from System.WinForms.RichControl are the only controls that can be hosted in ActiveX containers (such as Visual Basic 6.0) and managed control containers (such as Internet Explorer 5. or higher).
Win Forms controls are secure when hosted as managed controls. The security model is layered, and controlled by policy. There is limited, but rich, functionality for internet components. There is more functionality for intranet components, and there is full functionality for local components. Win Forms applications run as fully trusted local applications.