Microsoft App Store accepts MSI files. The Microsoft Installer runtime allow MSI files to run scripts, call local DLLs, run programs, interrogate the local registry/filesystem - those are all potentially restricted actions.
What is the security context that those MSIs execute under, when installed from the Store? Do they have local admin rights? If not, how are they restricted exactly?