- Type: New Feature
- Resolution: Unresolved
- Priority: Minor - P4
- Affects Version/s: None
- Component/s: Security
- Server Security
Obviously Mongo isn't vulnerable to the sorts of injection that haul sensitive data off SQL databases all day, every day. However, SQL injection attacks raise a significant and broad security question: why do application servers have access to sensitive data that they don't need?
Proposal:
- Allow the user to declare a database key as "write only"
- Queries against this key behave as normal
- Optionally raise an error or return null on attempts to read the restricted key
This would create a strong layer of security around data such as passwords that must be written and compared but never ever read.
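The semantics proposed above, modelled in memory as an added example (not MongoDB code and not part of the original ticket). `WriteOnlyCollection`, its `onRead` option, `checkLogin` and the sample values are hypothetical, and raising an error only when a projection explicitly names the restricted key is an assumption about how the "optionally raise an error" mode would behave.

```javascript
// In-memory model of a "write only" key. Hypothetical, not a MongoDB API.
class WriteOnlyCollection {
  constructor(writeOnlyKeys, { onRead = "null" } = {}) {
    this.writeOnlyKeys = new Set(writeOnlyKeys);
    this.onRead = onRead; // "null": redact silently, "error": reject explicit reads
    this.docs = [];
  }

  // Writes to a restricted key are accepted like any other write.
  insert(doc) {
    this.docs.push({ ...doc });
  }

  // Filters may reference restricted keys ("queries behave as normal");
  // only the returned documents are redacted.
  find(filter = {}, projection = null) {
    return this.docs
      .filter(d => Object.entries(filter).every(([k, v]) => d[k] === v))
      .map(d => this._redact(d, projection));
  }

  _redact(doc, projection) {
    const wanted = projection
      ? Object.keys(projection).filter(k => projection[k])
      : Object.keys(doc);
    const out = {};
    for (const k of wanted) {
      if (this.writeOnlyKeys.has(k)) {
        // Assumption: only an explicit projection counts as a read attempt.
        if (projection && this.onRead === "error") {
          throw new Error(`key "${k}" is write only`);
        }
        out[k] = null; // the stored value never leaves the collection
      } else if (k in doc) {
        out[k] = doc[k];
      }
    }
    return out;
  }
}

// The application compares a credential without ever reading it back.
function checkLogin(coll, user, pwHash) {
  return coll.find({ user, pwHash }, { user: 1 }).length === 1;
}

// Constructed sample data.
const users = new WriteOnlyCollection(["pwHash"]);
users.insert({ user: "alice", pwHash: "constructed-hash-1" });
console.log(checkLogin(users, "alice", "constructed-hash-1"), users.find({ user: "alice" }));
```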