Taking some of the good ideas from Adobe Flash in regards to security policy, Silverlight has implemented a similar security model to block unauthorized cross domain network calls. This plugs a potential security hole where a malicious Silverlight application could run on a page the user is viewing and make API and network calls to domains that the user is not on without his or her knowledge.

Why does Microsoft assume that we want to combine our business, data access, service, and web layers together in a single web project? Without sounding too much like a rant here, take a look at almost ALL of Brad Abrams (former Microsoft Architect for WCF RIA Services and Entity Framework) posted examples of how to use the Entity Framework with RIA Services. They all have the Entities, RIA Services, and pretty much all of the other data logic included in the Web Application project.