How is the client-side binding different from the server-side binding in terms of security? They are different means to achieve the same goal, getting the data to the users. Controlling who has access to the data is left to the developer in both cases -- if you show sensitive information by server-side binding, it is just as good as showing in through a client-side one. Case in point, the Facebook graph API is accessed mostly client-side, and still it controls whether you have access to the personal data that you provide -- you cannot query all the data about a person who is visiting your website.
the Telerik team
Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI