Attributes are used to support Microsoft's new Code Access Security model. There are two ways you can apply Code Access Security in .NET: imperative security and declarative security. Both support the same basic kinds of security. The only difference is that declarative security is employed using attributes, and imperative security is employed in code.
Generally, you can use Code Access Security classes either imperatively or declaratively. However, assembly-level security must be applied declaratively ; that is, by using attributes. Read Chapter 18, Code Access Security, for more information on the Code Access Security model in .NET.