Invalid postback or callback argument. Why?
This has to be one of the most frustrating error messages in .NET, but once you get a feel for what's going on, it makes sense. .NET likes to know EVERYTHING that's going on. It keeps track of all the elements that it has placed on the page. Along those same lines, .NET gets offended when it receives input from something it didn't know about. In your case, it sounds like, at the time you click on the LinkButton, .NET doesn't think it should be there. In my experience, there are two likely reasons for this:
You're doing to client-side wizardry that is creating new inputs or cloning existing inputs.
While the form submission is being processed, .NET does something to the LinkButton which causes it to be no longer available. Some examples of this I've run into are when your LinkButton is dynamically created in the backend or you're using UpdatePanels and their content get changed during the form's submission.
Basically, I believe if you step through the form submission code and watch that LinkButton, you'll see .NET forget about it, which understandably triggers this "Security Exception" when the LinkButton is clicked.
If they're clicking before a page has a chance to fully render then the __EVENTVALIDATION fields aren't going to have been completely written - thus your error.
Now this was fixed in 3.5 SP1/3.0 SP2, and is configurable in web.config;
<configuration>
<system.web>
<pages renderAllHiddenFieldsAtTopOfForm="true"></pages>
</system.web>
</configuration>
The default is true - so what version of .NET are you running? You could always disable the buttons client side until the page has finished loading.