We just shipped a new version of Meteor DevTools with a new Security tab including:
- Package audit: shows up packages you should consider installing or removing.
- Collection audit: helps you check allow/deny rules on each collection.
- Method audit: records method calls and calls the methods with different argument types to test for type checks.
I wrote a bit about how the tool works here: http://blog.thebakery.io/introducing-a-secury-auditor-to-meteor-devtools/.
Feedback and contributions are more than welcome!