Hi Matthew,
thanks for the explanation.
Don't you mistake "security" for "authenticity"?
In this context, I believe both terms are interchangeable and effectively mean the same thing.
This is generally not true. These concepts have well defined meanings. I can have a secure communicatins channel with someone I did not authenticate. Also I can have a non-secure communications channel with someone who authenticated himself by some means to me.
It is secure because only authenticated code is allowed to be executed, thus another step to avoid piracy, hacking of conditional access systems etc.
Running only authenticated code does *not* ensure security, no matter how much this is wished for.
But no matter, I now understand that "security" seems to mean "data can only be handled in the way intended by the owners of the data" which is a different concept to me.
Cheers Detlev