Apex classes and triggers run in system mode. All classes and triggers that are not included in a package, that is, are native to your organization, have no restrictions on the sObjects that they can look up dynamically. This means that with native code, you can generate a map of all the sObjects for your organization, regardless of the current user's permission.
If you execute describe calls in an anonymous block, user permissions are taken into account. As a result, not all sObjects and fields can be looked up if access is restricted for the running user. For example, if the you describe account fields in an anonmynous block and you don’t have access to all fields, not all fields are returned. However, all fields are returned for the same call in an Apex class.
Dynamic Apex, contained in managed packages created by Salesforce ISV partners that are installed from Force.com AppExchange, have restricted access to any sObject outside the managed package. Partners can set the API Access value within the package to grant access to standard sObjects not included as part of the managed package. While Partners can request access to standard objects, custom objects are not included as part of the managed package and can never be referenced or accessed by dynamic Apex that is packaged.
For more information, see “About API and Dynamic Apex Access in Packages” in the Salesforce online help.