I think what comes from the client is mostly an opaque token that refers to a continuation in the server's session store. Probably something like news.arc, but I'm even less familiar with news.arc than I am with this. :-p
I think other values are passed around as first-class values of the program, not as automatically-evaluated expressions. So if you use eval in your code or otherwise interpret rich user input with loose privileges, you might indeed have a security risk on your hands. If by some chance you do find yourself in that position, Racket also provides a sandbox library so that you can replace your insecure eval with a more tightly controlled one.
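As an added illustration of the eval-versus-sandbox contrast the comment describes (this is not the commenter's code, and the user-input form, file path and resource limits are constructed for the example):

```racket
#lang racket/base
;; Added example: evaluating the same user-supplied form with a plain
;; eval versus with racket/sandbox's make-evaluator.
(require racket/sandbox)

;; A constructed "rich user input" form that tries to read a local file.
(define untrusted-form
  '(call-with-input-file "/etc/hostname" read-line))

;; Insecure: eval in a full racket/base namespace. Whatever the form
;; does, it runs with the server process's own privileges.
(define (insecure-run form)
  (parameterize ([current-namespace (make-base-namespace)])
    (eval form)))

;; Sandboxed: make-evaluator builds an evaluator whose code runs under a
;; security guard with no filesystem or network access by default, plus
;; the CPU-time and memory limits set here (assumed: 2 s, 16 MB).
(define (sandboxed-run form)
  (parameterize ([sandbox-eval-limits '(2 16)])
    (define ev (make-evaluator 'racket/base))
    (with-handlers ([exn:fail? (lambda (e)
                                 (kill-evaluator ev)
                                 (list 'denied (exn-message e)))])
      (begin0 (ev form)
              (kill-evaluator ev)))))

(module+ main
  ;; Harmless arithmetic is evaluated by both.
  (printf "insecure  : ~a\n" (insecure-run '(+ 1 2)))
  (printf "sandboxed : ~a\n" (sandboxed-run '(+ 1 2)))
  ;; The file read succeeds unsandboxed, but the sandbox's security
  ;; guard refuses it and the handler above reports 'denied.
  (printf "insecure  : ~a\n" (insecure-run untrusted-form))
  (printf "sandboxed : ~a\n" (sandboxed-run untrusted-form)))
```

Run it with `racket file.rkt`; the last line shows the sandboxed evaluator rejecting the file access with an access-denied error rather than returning the file's contents.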