Security

Hi,
I couldn't find this addressed anywhere in the faq or the mailinglist, so here goes:
I think dynafaces is really cool, but I wonder if opening JSF up to javascript in that way doesn't open up a huge security hole in your app. In particular the dispatching of JSF events using javascript, wouldn't that allow, for example, a client to bypass the "process validations" phase and inject unsafe values into the model?
Regards,
Maarten
PS. This list seems kinda dead. Is the real action somewhere else?