Well, AJAX is really only about dynamically requesting pages.
Basically, the same security principles apply as for "regular pages": for example, always check user input, especially when using it in SQL queries.

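The point made in the post above, as an added example that is not part of the original post: a server-side handler for an AJAX request, once with the request value pasted into the SQL text and once with the value checked and bound as a parameter. The `notes` table, the handler names and the JSON request bodies are assumptions constructed for illustration, using Python's standard `sqlite3` module.

```python
import json
import sqlite3

def make_db():
    # Constructed sample data standing in for the application's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?, ?)", [
        (1, "alice", "alice's note"),
        (2, "bob", "bob's note"),
        (3, "carol", "carol's note"),
    ])
    return db

def ajax_note_unchecked(db, raw_body):
    """'Before' version: the AJAX value becomes part of the SQL text."""
    note_id = json.loads(raw_body)["id"]
    sql = "SELECT body FROM notes WHERE id = " + str(note_id)
    return [row[0] for row in db.execute(sql)]

def ajax_note_checked(db, raw_body):
    """'After' version: validate the input, then bind it as a parameter."""
    try:
        payload = json.loads(raw_body)
    except ValueError:
        return 400, {"error": "malformed JSON"}
    note_id = payload.get("id") if isinstance(payload, dict) else None
    # bool is a subclass of int in Python, so reject it explicitly.
    if (not isinstance(note_id, int) or isinstance(note_id, bool)
            or not 1 <= note_id <= 2**63 - 1):
        return 400, {"error": "id must be a positive integer"}
    row = db.execute("SELECT body FROM notes WHERE id = ?", (note_id,)).fetchone()
    if row is None:
        return 404, {"error": "not found"}
    return 200, {"body": row[0]}

# Constructed request bodies: what the page's script sends, and a body
# sent by hand that bypasses any client-side checks.
NORMAL = '{"id": 2}'
TAMPERED = '{"id": "2 OR 1=1"}'

if __name__ == "__main__":
    db = make_db()
    print(ajax_note_unchecked(db, TAMPERED))  # every row comes back
    print(ajax_note_checked(db, TAMPERED))    # rejected with 400
    print(ajax_note_checked(db, NORMAL))      # the one requested row
```

The request body arrives from the network like any form post, so checks in the page's JavaScript do not replace the server-side check.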