More details about securing the on-premise service calls.
Continue addressing the dangers of “*” in clientaccesspolicy.xml.
Explain why a domain naming standard is desirable.
Educate yourself and your company about the protections Silverlight offers.
Carefully craft your clientaccesspolicy.xml files.
Subdomain wildcard ("http://*.mycompany.com", for example) are the most open wildcards I’ll use for on-premise clientaccesspolicy.xml files.
Craft a domain naming standard for your local intranet security zone.