Talking about security, the mere fact that uniGUI is a server-centric environment is already an advantage over traditional Delphi desktop applications.
Application security and server security are two different subjects.
I see many people here concerned about HTML injection, and even though it's a valid concern, SQL injection is still much more dangerous. I myself never write SQL statements in my client application (at least when I'm doing my own stuff and setting the rules).
In your client you should only call methods of a service or stored procedures and work with the result sets.
Always use HTTPS, encryption, whatever tool you have in your hands.
If it makes things slow, you should work in a VPN.
Talking about server security, no matter what you do, you'll probably never reach the same level of security as a hosting provider, but if you really want to host yourself the best thing is buying a well-dimensioned embedded Linux appliance (Fortigate, Sonicwall, etc.) and taking a course to at least understand the basic concepts.
Some of these appliances even have a kind of playground to fool hackers.
Try not to have your database and web server on the same machine, make several backups each day, have periodic password changes, policies for what to do whenever you fire a system administrator, and so on.
And of course, don't use the database server or the web server to surf the Web.
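The SQL injection point made in the post above, shown as an added example that is not part of the original post and not uniGUI or Delphi code. It uses Python's standard sqlite3 module and a constructed two-row users table (both assumptions for the example) to contrast a login lookup whose SQL text is assembled from client input against one where the statement is fixed and the values are bound as parameters. The parameterized call stands in for the stored-procedure or service-method call the post recommends: in both cases the SQL text never contains what the user typed.

```python
import sqlite3

# Constructed sample data standing in for the application database
# behind the server (an assumption for this example, not real data).
SAMPLE_USERS = [
    ("alice", "s3cret"),
    ("bob", "hunter2"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_concatenated(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Vulnerable: the SQL text is built by string concatenation from client input.

    Whatever the user types becomes part of the statement, so quotes and
    comment markers in the input change the query's meaning.
    """
    sql = (
        "SELECT name FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Safe: the statement is fixed; the values travel separately as bound parameters.

    The database driver never treats the bound values as SQL, so the same
    payload is just an unusual user name that matches no row.
    """
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def demo() -> dict:
    """Run both lookups with a classic comment-based payload and return the results."""
    conn = make_db()
    # The payload closes the quoted name and comments out the password check.
    payload_name = "alice' --"
    return {
        "concatenated": login_concatenated(conn, payload_name, "wrong"),
        "parameterized": login_parameterized(conn, payload_name, "wrong"),
        "honest_login": login_parameterized(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the payload `alice' --`, the concatenated version authenticates as alice without knowing the password, because the resulting statement is `... WHERE name = 'alice' --' AND password = 'wrong'` and everything after `--` is a comment. The parameterized version returns no row for the same input and still returns alice for a genuine login. Moving the statement into a stored procedure or a service method on the server gives the same guarantee, as long as that server-side code also binds its inputs instead of concatenating them.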