Web Server / App Server via .Net Remoting / good idea? security aspects?

In the current codebase (way old) there is a web server in a DMZ-network (not allowed to talk to DB) which is allowed to talk to an app server in the trusted network through .Net remoting.

The App Server talks to the DB and contains a domain model (everything inherits from MarshalByRefObject). The Web server gets a hold of these objects as remote objects and does its thing using these objects. (the web server does NOT have any domain model, it just uses the model on the app server directly)

In one way It's a simple setup to get around the DMZ/trusted network issue, but on the other hand I get goosebumps at not knowing the implications of using .Net remoting like this.

• is it secure?
• will it break down under load?

My natural inclination now that we're going to be replacing this system is to have a WCF service chat with the DB and send DTOs to the web server and have AutoMapper map the DTOs into a local domain model on the web server. Bu开发者_如何学编程t this setup does have more moving parts. Should I just put on a sweater and igore my goosebumps and design the new system using remoting or should I listen to the little voice in my ear which tells me to clean this mess up?