Microsoft recommends that for best security practices to run ASP.net udner Medium trust. Medium trust enables more isolation of different applications (owned by different customers) on the same server. Some of the issues that we have encountered to date are:

Web service calls don't work in Medium trust unless the hoster configures the "originUrl" attribute, or creates a custom trust policy with additional web permission elements.
.NET Encryption classes fail in Medium trust because of a key container permission requirement. This means attaching an X509 certificate to a webservice call results in an exception.
Encrypting email, or signing email using asymmetric algorithms like RSA fails in medium trust. The underlying reason is the same problem causing the failure listed in the second bullet point.REQUESTS FOR INFORMATION:

The Medium trust default settings are “more locked down” then what PHP developers typically use. Is this a problem?
Possible Solution: Would hosters be happy with a “custom trust level” setting that Microsoft provides for them that is more relaxed then medium trust in these scenarios?
I've seen many ASP.net systems set up under full trust in order to circumvent some of the problems of running under lesser trust settings. Does anyone have any opinions or justifications of this approach?