Interestingly here's another (unanswered) SO from someone getting the same problem from CruiseControl: .Net 4 CAS - Request for the permission of type 'System.Net.WebPermission, System, Version=4.0.0.0, Action: Demand. It's possible that this'll end up being a dupe; but that's unfair at the moment since that's not been answered.
This seems similar to the pre 3.5 sp1 network security woes, where applications runs from a network location would be denied many permissions through CAS.
I think this blog post might provide the solution, although it might not apply if the executable itself is loaded from a remote location (check the first solution) http://www.damirscorner.com/CodeAccessSecurityStrikesBackInNET4.aspx
Although, also looking at Exploring the .Net Framework 4 Security Model (which provides the same workarounds as the aforementioned blog post) it might not apply, as it implies that unhosted Exes run from network locations should run fully-trusted by default - when clearly yours aren't!
One thing to try if this doesn't work is to make the exe (and by extension all it's references) strong-named.