Web Part Development - careful with the bin!

I have read around what other bloggers wrote about custom web parts, and found that most say to copy the dll file to the _app_bin directory, in spite of what the SDK says-"Web Parts cannot be stored in the _app_bin directory."
I could not find a difference between the two folders. Putting a web part in either one seems to work just as well.

However, there is one thing to note from the SDK - both folders have by default low trust levels. A simple web part will work, but when you try to use sharepoint object you get the dreaded sharepoint.security error that throws your users to the maintnance page. yuck!

To make sure this doesnt happen, either put the dll in the GAC (requires signing) or follow the directions from the SDK to allow web parts in the bin directory to run with trust:

Step 3: (Optional) If using the bin directory, set special security attributes
By default, code access security permissions for the bin directory are low; only pure execution is allowed. Although the sample in this walkthrough can run with the minimal trust level, in most cases you need to elevate these permissions to make your assembly run correctly, for example, if your Web Part requires access to the SharePoint object model.

There are two ways to elevate permissions:

1. (Recommended) Create a new trust policy file, and point your web.config file at the new file. This option is more complicated but it gives you a precise attribution of permissions for your Web Parts. For more information about trust policy files, see Microsoft Windows SharePoint Services and Code Access Security.
2. Raise the net trust level of the bin directory. In the web.config file in the Web application root, there is a tag called with a default attribute of level="WSS_Minimal". You can change this level to WSS_Medium. While this option is simpler, it grants arbitrary new permissions you might not need and is less secure than creating a new trust policy file.

To raise the trust level of the bin directory Locate the web.config file in your application root and open it for editing. Locate the trust level tag, . Change the trust level to WSS_Medium.