Many packages secure certain parts of the Meteor stack, but even then, you cannot rely on these packages completely. Also, you have to be very careful about the packages you choose! Some packages might intercept core functions to funnel information out of your application. This means that you should always have a look at the source code of the package before you install it.
This topic is usually an oversight to novice Meteor developers, and yet it is one of the most important topics to know about. To secure our webapp we need to: