I stumbled across some good CF-related security articles this weekend.
Using htaccess rules to protect against SQL injection
The good and the bad about built-in CF script protection
This article also touches on ways to customize the script protection
Do we get much spam form activity? The use of captcha and reasons not to use it
The best part is that they talk about CFFormProtect as an alternative, which sounds very cool: