Thanks for the rating and comment.

Just to make clear:

1.Trustworthy db option is disabled by default. Also, it will be set to OFF after detach/attach db operations. Enabling this property can introduce certain threats. More info on https://msdn.microsoft.com/en-us/library/ms187861.aspx

Service Broker is enabled by default on a newly created database. However, it is disabled on an attached or restored database by default.

2. Service Broker uses a transmission queue as a holding area for messages. Each service-broker enabled database contains a separate transmission queue. The transmission queue is stored in the primary filegroup for the database. The message will remain in the transmission queue until the target has acknowledged receipt of the message. Thus, transmission queue can blow up if messages get stuck in and can not be delivered. More info on https://technet.microsoft.com/en-us/library/ms166030(v=sql.105).aspx

Alter database with rollback immediate option will cause to close all existing db sessions and roll back any pending transactions in the database. It is usually specified because ENABLE_BROKER option requires an exclusive database lock.

3.SQL Server is Secure By Design and By Default.

4.More info on https://msdn.microsoft.com/en-us/library/ms187377.aspx

5.Sql Server XML casting and validation errors are raised with severity 16, and this severity will always put the transaction into an uncommittable state. You can specify xml validation schema on the service-broker message type to ensure that XML payload is valid before sending it on a conversation. More info on https://msdn.microsoft.com/en-us/library/ms187744.aspx

6.If you set POISON_MESSAGE_HANDLING option of a queue to OFF then the queue will not be disabled after five consecutive transaction rollbacks. This allows for a custom poison message handing system to be defined by the application.