OK, I don't get it. I'm trying to, honest but it's not coming to me.

Why must one 'publish' browser based IP task forms to a 'well known' location before MOSS forms services will allow them to be opened? I think I get the full trust issue - dependent on who's blog I read it's either:

• Because the form's being referenced by it's URN,
• Because it requires access to external data via ItemMetadata etc, or
• Some other strange reason.

But for the life of me I can't see why one needs to publish. From what I've seen thus far neither installing & activating the feature or using the 'flow makes any attempt to reference the form at it's 'published' location. Not only that, deleting the 'published' form makes no difference and the workflow carries on regardless.

So, here's my take (based on all the scientific evidence 1 cup of coffee, 1 cup of tea, 1 large diet Dew and 1 Juicy 4-way Skyline Chili can muster): When a form is marked as trusted, it requires an extra step of publishing it to confirm the trust certificates validity on the form. When one sucks a form into MOSS all it cares about is confirming that the form has this confirmed trust. The location it was published to is neither here nor there.

Exciting, huh?