We published a new security whitepaper base on our experience with ASP.NET MVC. The whitepaper is available at http://www.microsoft.com/downloads/details.aspx?FamilyID=7606f801-70c5-49ca-a18c-91d4ed725833&displaylang=en