Persistant RTS

Ok I realize some people have already been up to this, as have I ever since I played 10Six. Ok so my question is.. How do I tell when I have a security flaw? For instance I have thew system in. Working Persistence but I'm not sure of the potential security risks. Any suggestions? Possible risks? Im using MySQL with HTTPObject all comunicated with from the server. The client just sends a request for something, and the server pulls it out.