I’m not entirely sure I’ve got this correct, but I read that Meteor doesn’t use session cookies (?) and therefore it’s immune to CSRF attacks?
Not only that, but how secure is it in general? For example CSRF, XSS and so on. Are there any security measurments I have to do myself or is everything in Meteor safe to use (if you use the stock functions/api available)?
If not, how would one go on about implementing such security for forms etc?