I've just been trying to get a Silverlight control to make a cross-domain HTTP POST call using an experimental Silverlight build of XML-RPC.NET. I placed a client access policy file on the root of the server but I was still getting a System.Security.SecurityException when I tried to make the call. I eventually worked out the cause of the problem was that when I created the Silverlight project in Visual Studio I selected "Automatically generate a test page to host Silverlight at build time". This results in the page being loaded using the file:// scheme when debugging, and cross-scheme access is not allowed in this case, i.e. file:// to http://, even with a client access policy file on the server.
I created another project and this time chose the option to add a web project to the solution. The cross-domain calls, now http:// to http://, succeeded.