Brandon,
I think you are right that SAs are going to balk. If, however, MS have done their job with .NET Security (and despite their track record on security I'm keeping an open mind), again *IF* they have done a great job with it, then as developers we are in a position to re-educate SAs. Whether we can be bothered, or not, is another matter. And as you say, whether SAs have enough time or inclination to listen is altogether another matter. Particularly as they'll be trying to work out what the heck to do about web services (which may essentially render firewalls redundant) and virus-produced DoS attacks.

I've also been interested to note the dearth of articles and "rah rah" MS are devoting to Win Forms. They aren't giving it much press at all.

Thanks for the post! I think the points you raise help highlight the difficult path ahead, despite any actual technical superiority.