Creating webparts that use Page.LoadControl

Yesterday I ran into a situation where I really got to know CAS.
I had built a webpart that loads an ASCX control dynamically (it uses Page.LoadControl("")). Since we all develop in Full Trust (right?), that is of no problem.
As I was preparing my webpart to be handed over to the IT Pro's, I added all CAS permissions necessary to my Manifest.xml file.

I created the WSP file, used SharePoint Solution Installer (SSI) to deploy my package and voila. It gave me an error: File /_controltemplates/mycontrols/MyDemoControl.ascx can not be found.

I verified whether I added FileIO permissions. After a long search I found out that using Page.LoadControl("controlname") needs more than that. It needs Full trust. My webpart (and I guess yours too) have the Allow Partially Trusted tag in the Assembly.cs file. Partially trusted... Full Trust.
Full trust can be set by using the attribute Unrestricted="True" in the node PermissionSet.

I did some testing in my Manifest.xml, adding Unrestricted="True" to my PermissionSet. When deploying the package with SSI, I got an error message, making me think this wasn't the way to go.

Removing the attribute, installing the package and then manually updating the WSS_CustomTrust.config file (adding the attribute to my PermissionSet node), worked. My control now loads fine.

In the near future I'll do some investigation as why SSI doesn't seem to support the Unrestricted="True" attribute in the Manifest.xml.

-Marcel