[artlung]Anything you store or take input on - whether that's a form or does something in response to querystrings - you have to think about security. That seems like a good starting point because it's really easy to create cross-site-scripting vulnerabilities.
