Which file extensions are affected by ColdFusion's Trusted Cache
Adobe ColdFusion (and Railo) compile CFML templates to JVM bytecode and, if configured to do so, will write the compiled class(es) to disk as .class files. The template cache is a mechanism for saying: if the target class is already loaded, don't bother looking at the (source) file on disk to see if it needs recompilation - trust what's in memory.
Recent enhancements to ACF and Railo allow you to specify that (source) files can be checked always (not trusted), once per request, never (always trusted).
That shouldn't be news to anyone.
Obviously ACF and Railo will compile any .cfm or .cfc file they are asked to process so those will "end up" in the trusted cache if it is enabled.
If you cfinclude a file - any file - ACF and Railo will also compile that to JVM bytecode (and create a .class file on disk if configured to do so). Since an included file is compiled, it will also "end up" in the trusted cache. What happens if you include a CSS file then? It gets compiled to bytecode that outputs the entire content of the CSS file as a string to the response stream. Since it is a compiled class, that now outputs a hardcoded string, if you change the CSS source file and have trusted cache enabled, ACF and Railo will trust what's in the classloader and not recompile it (assuming "never" check source is the admin setting).
You can verify this by cleaning out the cfclasses folder, restarting your CFML engine and running your code. You'll see a .class file appear for your CSS file (assuming you have save class files to disk enabled).
So, cfinclude forces compilation of "any" file and the normal rules of trusted cache apply for classes loaded into memory.
I no longer use ACF so I can't speak in detail to .cfr files (Railo does not support report files) but it will most likely depend on whether ACF compiles a .cfr file or not. It should be easy to verify (by looking in the cfclasses folder).
By default, ColdFusion ships with the *.cfm, *.cfc, and *.cfml extensions mapped in JRun as the extensions that are trusted. You may view these mappings by opening up the j2ee-web.xml and web.xml config files in \JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\ (or near this, based on your installation):
<servlet-mapping id="coldfusion_mapping_3">
<servlet-name>CfmServlet</servlet-name>
<url-pattern>*.cfm</url-pattern>
</servlet-mapping>
<servlet-mapping id="coldfusion_mapping_4">
<servlet-name>CFCServlet</servlet-name>
<url-pattern>*.cfc</url-pattern>
</servlet-mapping>
<servlet-mapping id="coldfusion_mapping_5">
<servlet-name>CfmServlet</servlet-name>
<url-pattern>*.cfml</url-pattern>
</servlet-mapping>
However, you can also manually configure brand-new mappings here as well, which will allow ColdFusion to parse/compile CFML tags in files with a different extension as well (I've worked with CF Servers that have been configured to parse .shtml, for example)
Note: You'll also have to do some additional configuration for your web server, be it Apache, IIS, or whatever.
Once CF is configured to handle a file of a particular extension, it is added to the list of files that is processed in the Trusted Cache--since that file ultimately equates to a compiled .class file under-the-hood.