By default, users are allowed to run Silverlight trusted apps that have been previously installed. If this policy is disabled, users may not run Silverlight trusted applications, even if they were previously installed. Sandboxed out of browser applications are not affected. Most people that disable this policy will also want to disable installation of Silverlight trusted apps.
A Silverlight trusted app runs with elevated permissions and can access user data much like a .exe can, and should be installed only from web sites which are trusted.