SQL Server Security: Ownership Chaining and Schemas
Thursday, September 13, 2007 at 09:12PM
Laurentiu Cristofor writes another excellent and informative post explaining the nuts and bolts of SQL Server security, this time exploring the concept of ownership as implemented via ownership chains and schemas. Here's an excerpt:
Ownership chaining, or OC for short, will bypass the permission check that would be done when the view is referencing the table, if the owner of the view is the same as the owner of the table. Intuitively, this makes sense as the intention of the owner in granting SELECT on the view must have been made so that the user would be able to actually select from that view. This mechanism has then been extended beyond this simple example involving a view and a table - the same would hold, for example, if a procedure would use a view that would refer to a table and the caller only had EXECUTE permission on the procedure and no permissions on the view or table. This idea has proliferated so that it resulted in the extension of OC to work across databases - the so-called cross-database ownership chaining (CDOC). CDOC is a topic that goes beyond what I want to cover in this post, so I'll only mention that these days it is disabled by default and it's a good idea to leave it like that.
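
The behaviour described in the excerpt, as an added T-SQL example that is not part of the quoted post: it shows the unbroken chain, the same query after the table gets a different owner, and two review queries (effective object owners and the CDOC settings). All user, schema and object names are hypothetical, and it assumes a scratch database where you are db_owner.

```sql
-- Constructed demo for a scratch database; every name below is hypothetical.
CREATE USER oc_owner  WITHOUT LOGIN;
CREATE USER oc_other  WITHOUT LOGIN;
CREATE USER oc_reader WITHOUT LOGIN;
GO
-- Objects created in this schema are owned by the schema owner, oc_owner.
CREATE SCHEMA oc_demo AUTHORIZATION oc_owner;
GO
CREATE TABLE oc_demo.Salaries (EmployeeId int PRIMARY KEY, Salary money);
INSERT INTO oc_demo.Salaries VALUES (1, 50000);
GO
CREATE VIEW oc_demo.SalaryIds AS SELECT EmployeeId FROM oc_demo.Salaries;
GO
-- The reader gets SELECT on the view only, nothing on the table.
GRANT SELECT ON oc_demo.SalaryIds TO oc_reader;
GO
-- Case 1: view and table share an owner, so the chain is unbroken.
EXECUTE AS USER = 'oc_reader';
SELECT EmployeeId FROM oc_demo.SalaryIds;  -- allowed: the table check is skipped
SELECT Salary FROM oc_demo.Salaries;       -- denied: direct access is still checked
REVERT;
GO
-- Case 2: give the table a different owner; the chain is now broken.
ALTER AUTHORIZATION ON OBJECT::oc_demo.Salaries TO oc_other;
GO
EXECUTE AS USER = 'oc_reader';
SELECT EmployeeId FROM oc_demo.SalaryIds;  -- denied: SELECT on the table is now checked
REVERT;
GO
-- Review: effective owner per object (a NULL principal_id means the schema owner).
SELECT o.name, o.type_desc,
       USER_NAME(COALESCE(o.principal_id, s.principal_id)) AS effective_owner
FROM sys.objects AS o
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
WHERE s.name = 'oc_demo' AND o.type IN ('U', 'V');
-- Review: cross-database ownership chaining, server-wide and per user database.
SELECT name, value_in_use FROM sys.configurations
WHERE name = 'cross db ownership chaining';
SELECT name, is_db_chaining_on FROM sys.databases WHERE database_id > 4;
GO
-- Cleanup.
DROP VIEW oc_demo.SalaryIds;
DROP TABLE oc_demo.Salaries;
DROP SCHEMA oc_demo;
DROP USER oc_reader; DROP USER oc_other; DROP USER oc_owner;
```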

