General Security Considerations

When a SharePoint Portal Server farm is deployed in a perimeter network (physically connected to a network segment that is part of the perimeter network topology, with its servers joined to the perimeter network domain), perimeter network domain accounts should be used to run the SharePoint Portal Server IIS application pools.

However, if your SharePoint Portal Server deployment in a perimeter network needs to access an external data source that is located in your corporate intranet, it will probably need to do so using a corporate intranet domain account. For example, if you have a Web Part that needs to access data in the corporate intranet in order to render a Web page, it will probably need to use a corporate intranet domain account to do so. There is a security risk associated with this because the corporate intranet domain account is potentially exposed to the Internet. If an intruder were able to successfully attack and penetrate your perimeter network, these credentials could be exposed to the intruder, giving them access to the data in the corporate intranet.
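One way to audit this, as an added example that is not part of the original guidance: the PowerShell below reads each application pool's identity from the IIS 6 WMI provider and flags any pool that runs under an account outside the perimeter network domain. The domain names PERIMETER and CORP, the function name Get-AppPoolFinding and the sample rows are assumptions made for illustration, and the script assumes PowerShell 2.0 or later is installed on the server.

```powershell
# Added example, not from the original guidance.
# PERIMETER and CORP are placeholder NetBIOS domain names; substitute your own.
$PerimeterDomain = 'PERIMETER'
$IntranetDomain  = 'CORP'

function Get-AppPoolFinding {
    param([string]$Pool, [int]$IdentityType, [string]$UserName)

    # IIS 6 AppPoolIdentityType: 0 LocalSystem, 1 LocalService,
    # 2 NetworkService, 3 a configured account (held in WamUserName).
    if ($IdentityType -ne 3) {
        $status = 'Review: built-in identity, not a perimeter domain account'
    }
    elseif ($UserName -match '^(?<domain>[^\\]+)\\.+$') {
        $domain = $Matches['domain']
        if ($domain -ieq $PerimeterDomain) {
            $status = 'OK: perimeter network domain account'
        }
        elseif ($domain -ieq $IntranetDomain) {
            $status = 'RISK: corporate intranet account used in the perimeter network'
        }
        else {
            $status = 'Review: account from an unexpected domain'
        }
    }
    else {
        $status = 'Review: account is not in DOMAIN\user form'
    }
    New-Object PSObject -Property @{ Pool = $Pool; Account = $UserName; Status = $status }
}

# Live query through the IIS 6 WMI provider (run on the SharePoint server itself).
$pools = Get-WmiObject -Namespace 'root\MicrosoftIISv2' `
    -Class IIsApplicationPoolSetting -ErrorAction SilentlyContinue

# Constructed sample rows, used only when the provider is not available.
if (-not $pools) {
    $pools = @(
        @{ Name = 'W3SVC/AppPools/PortalPool';   AppPoolIdentityType = 3; WamUserName = 'PERIMETER\svc-portal' },
        @{ Name = 'W3SVC/AppPools/WebPartPool';  AppPoolIdentityType = 3; WamUserName = 'CORP\svc-webpart' },
        @{ Name = 'W3SVC/AppPools/DefaultAppPool'; AppPoolIdentityType = 2; WamUserName = '' }
    )
}

$pools | ForEach-Object {
    Get-AppPoolFinding -Pool $_.Name -IdentityType $_.AppPoolIdentityType -UserName $_.WamUserName
} | Format-Table Pool, Account, Status -AutoSize
```

A pool flagged RISK is one whose corporate intranet credentials are stored on a server reachable from the Internet, which is the exposure described above.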

Applies to:
Deployment Center 2003, SPS Admin 2003