This page outlines potential security vulnerabilities that can be exposed by improper usage of CMS. In many cases, a section will link out to a more detailed article.
Avoid RichTextBox controls in eWeb. In many cases, RichTextBoxes are used to store HTML that is later executed and presented on a CMS web page. RichTextBoxes, therefore, are an inviting target for SQL injection or other attacks.
See "Visibility SQL in eWeb to Prevent URL Tampering" for tips on preventing a user from improperly accessing data by tampering with URL querystring parameter values.
To ensure one member does not see another's information, be sure to carefully follow the recommendations in Member Director (eWeb).