The limitations of ToolStrips under partial trust are designed
primarily to prevent spoofing attacks. A spoofing attack presents a fake dialog
or a familiar-looking window that lures the user into entering personal information.
Such an attack needs two elements: a full-fidelity window and key entry. Because
ToolStrip rendering is so flexible, ToolStrip protects only against the key-entry
half of this attack. We do this via a combination of protections:

In ToolStripDropDowns, we require UIPermission.AllWindowsPermission
to display ControlHostItems. This applies to both intrinsic items (ToolStripTextBox,
ToolStripComboBox, ToolStripProgressBar) and user-created ones. Rather than throw,
we simply do not display these items where the requirement is not met.

We disallow AutoClose == false and ignore the cancelable closing
event parameter. This makes it impossible to enter more than one keystroke without
causing the dropdown to be dismissed. As above, we do not throw, but simply ignore
the value.

We restrict keystroke handling events. Many keyboard-related
events are not raised in partial-trust contexts that have less than
UIPermission.AllWindowsPermission.

Mnemonics are not processed when UIPermission.AllWindowsPermission
is not granted. This is done to prevent a keystroke-sniffing attack in which a
ContextMenuStrip that contains an item for each letter is shown again and again.
Each time it was dismissed, one more letter would be captured.
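
Because these restrictions are applied silently rather than by throwing, an application can probe for the permission itself and choose a menu layout that does not depend on hosted controls. The following is an added example, not code from the original page; ToolStripTrustProbe, BuildSearchMenu and the openSearchDialog handler are hypothetical names, and it assumes the .NET Framework permission type UIPermission with UIPermissionWindow.AllWindows.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Windows.Forms;

// Added example (hypothetical helper class, not part of Windows Forms).
static class ToolStripTrustProbe
{
    // Returns true when every caller on the stack is granted unrestricted
    // window access, the level the ToolStrip checks described above require.
    public static bool HasAllWindows()
    {
        try
        {
            new UIPermission(UIPermissionWindow.AllWindows).Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    // Builds a context menu that degrades predictably instead of silently
    // losing items. openSearchDialog is a caller-supplied handler (assumption).
    public static ContextMenuStrip BuildSearchMenu(EventHandler openSearchDialog)
    {
        var menu = new ContextMenuStrip();

        if (HasAllWindows())
        {
            // Hosted controls are displayed in dropdowns at this trust level.
            menu.Items.Add(new ToolStripTextBox("searchBox"));
        }
        else
        {
            // Under partial trust a hosted text box would not be displayed and
            // mnemonics would not be processed, so use a plain item with no
            // '&' accelerator and collect the input elsewhere.
            menu.Items.Add(new ToolStripMenuItem("Search...", null, openSearchDialog));
        }

        return menu;
    }
}
```

The same probe can gate any logic that relies on AutoClose being false or on keyboard events from the dropdown, since those are also ignored or suppressed without an exception.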