There are many considerations for security, and some reading on web application security in general is recommended.
In absense of a comprehensive guide, here are some quick recommendations:
Note that prototype.multiplicity and prototype.element are not relevant to security. These properties drive the "Add Element" functionality of the modeling tool and are not used in runtime. You can certainly use regular triggers.
For best results, use the Firefox browser..