OWASP , The Open Web Application Security Project, just officially released "OWASP Top Ten - 2013, The Ten Most Critical Web Application Security Risks."
All XPagers and Domino-folk should give this a read.
My sense is that Domino holds up very well out of the box against this list of vulnerabilities which is a good thing but there are clearly some areas of possible concern given your exact situation and your specific applications.
We run a publicly hosted XPages application so, of course, this list is always of interest to us and I have spent a great deal of time with the 2010 version of this Top Ten list.
The PDF is a pretty quick scan and I encourage folks to read it and post any thoughts you have about the vulnerabilities as they relate to XPages or Domino either here or on your own blogs.
Links to the project site and the PDF download are listed below (in case you didn't see them up above).
Remember people: Let's be safe out there.