ColdFusion MX sandbox security allows you to secure code within a sandbox. CFML code can only be viewed or executed by other code within the same sandbox. However, sandboxing does not affect webservice calls to ColdFusion Components (CFCs).
Recently, issue 61892 was resolved where CFML templates outside a sandbox could call CFCs within a sandbox. This problem is resolved in ColdFusion MX 7.0.2. There is also a hot fix available for the same issue on ColdFusion MX 7.0.1.
However, since sandboxing will not protect CFC webservices, specific steps must be taken to secure CFCs used as webservices.