I've done pretty secure web sites in the past, and one technique I used was a temporary database visible to end users and a "true" database with no web access available to Notes. Submitting in the temporary database would update the "true" database. I wouldn't blindly update all the fields in the documents - only the ones that were supposed to change. It was a bit more work to set up, but I knew the data integrity would be there.
I've done pretty secure web sites in the past, and one technique I used was a temporary database visible to end users and a "true" database with no web access available to Notes. Submitting in the temporary database would update the "true" database. I wouldn't blindly update all the fields in the documents - only the ones that were supposed to change. It was a bit more work to set up, but I knew the data integrity would be there.