Webapp security advice


I would like to know if there are security concerns with using Webapp to ingest POST data from a client “contact me” form (code below).

I know that meteor methods and publications have input validation requirements and that one can also implement ddp-rate-limiters.

Is there anything else that can be done ito security within the Meteor app itself?

import { WebApp } from "meteor/webapp";
import bodyParser from "body-parser";
import {check} from 'meteor/check';

import {contactMeEmail} from './email';

const {FQDN} = Meteor.settings.private;

WebApp.connectHandlers.use(bodyParser.urlencoded({ extended: true }));
WebApp.connectHandlers.use((req, res, next) => {
  if (req.url.startsWith("/api/new-contact")) {
    const {body} = req;
    const {name, email, message} = body

    // Not sure if these checks are useful
    check(name, String);
    check(email, String);
    check(message, String);

    const subject = `Contact request: ${name ? name : email}`;
    contactMeEmail(email, subject, message ? message : 'Please contact me');
    res.writeHead(307, {Location: `http://${FQDN}/thank-you.html`});
    res.statusCode = 200;
  } else {