Just finished watching the video, great explanation, thank you!
Question:
If you're looking at a .docx with a remote VSTO manifest, how much does the MOTW on the actual document mess with the .NET assembly execution? Like, if the manifest is sitting in a Trusted Sites zone but the doc itself is flagged for the Internet zone, which security policy actually takes the lead during the add-in loading phase?