Delegates are the managed equivalent of type safe function pointers and are used by the .NET Framework to support events. The delegate object maintains a reference to a method, which is called when the delegate is invoked. Events allow multiple methods to be registered as event handlers. When the event occurs, all event handlers are called.
If your assembly exposes a delegate or an event, be aware that any code can associate a method with the delegate and you have no advance knowledge of what the code does. The safest policy is not to accept delegates from untrusted callers . If your assembly is strong named and does not include the AllowPartiallyTrustedCallersAttribute , only Full Trust callers can pass you a delegate.
If your assembly supports partial trust callers, consider the additional threat of being passed a delegate by malicious code. For risk mitigation techniques to address this threat, see the "Delegates" section in Chapter 8, "Code Access Security in Practice."