Random thoughts on security
In no particular order here are some thoughts about security. Thanks to Trustworthy Computing Initiatives, it's a royal pain to connect to outside datasources without triggering all kinds of annoying warnings. Even if you digitally sign a form with a level 2 code signing cert, which is needed for allowing any ActiveX invocations to work, you'll still get warnings connecting to databases. I find that the only way to avoid the prompts is to add the server name that the instance of SQL/Access runs on to your list of trusted sites in IE. There may be better ways of doing this, but it's the only way I've found that works. On the downside, I've had issues with custom code written in Visual Studio with the InfoPath add-in that don't like the server to be in the trusted list. Unfortunately you'll probably need to do some experimentation in order to get it to work as expected. Lab 6 and 10 from this link https://msdn.microsoft.com/office/understanding/infopath/training/default.aspx might help in this regard. This may be less of an issue when you are talking straight to web services, but since no one really has web services that you can talk to out of the box yet, you're generally connecting either directly to SharePoint or SQL most of the time. If I find better information on this I'll certainly share it here.
Hmm, found some other information - this link is useful https://blogs.msdn.com/infopath/archive/2004/05/10/129216.aspx