Partial trust binding validation is a usability feature

Nicholas has a good post on the binding validation WCF does in partial trust.

As he points out, a ServiceHost running in anything less than a fully trusted AppDomain will do some baked-in validation on the bindings being used. Specifically, we have a list of binding elements that are explicitly prohibited in partial trust, and if we catch you trying to use one of these binding elements we'll prevent your service from activating.

This behavior has absolutely nothing (zip, zero, nada) to do with security. For that, we rely on the Code Access Security features implemented by the CLR, like any other framework component.

So why do we do this validation? One reason -- usability. Exceptions at deterministic times (say, Open()) are vastly better than exceptions at random times (say, when you receive a message that triggers a code path that does a demand for a permission you don't have). Having binding validation in place doesn't make the system more secure, but it does avoid exposure to a large class of issues that can be pretty hard to reproduce and diagnose.