What about user input validation? If I understand it correctly, all the application code resides in the browser. This means that there is no server-side code to make sure that the data stored in the database is properly sanitized. For example, how would you go about making sure an input doesn't contain HTML code? If the verification is made on the client side, it is easy to circumvent it.