I had to access a list on a SharePoint web app from another web app on the same farm using code, but experienced a sql exception. The app pool accounts had least privilege, but the accounts of the user had restricted reader rights to both web apps (and app pool account as i tried running with elevated privileges). It turns out that if your executing code against a web app outside of your current context, you need to have rights to the db on the server.
http://blog.krichie.com/2008/09/11/unrestricted-access-via-sharepoint-object-model-from-console-applications/
I ended up reading via webservices and converting to a datatable, similar to the following.
http://politechnosis.kataire.com/2008/09/reading-sharepoint-lists-into-adonet.html
Unrelated, here is a good article on making web.config mods via a feature receiver.
http://weblogs.asp.net/wesleybakker/archive/2009/01/21/web.config-modifications-with-a-sharepoint-feature.aspx
Here is another unrelated article about group policy (something i never fully remember).
http://technet.microsoft.com/en-us/library/cc732593(WS.10).aspx