FormHandler is a library which can be included in a webpage. The library itself is quite lightweight: the specific files needed for fields are only included when a form is constructed, so there are no useless includes.
How FormHandler is secured is up to you. When you use dbFormHandler, make sure you control if, when and by whom records can be edited (a record is edited by putting a primary key value in the URL). All database-related actions are safe from SQL injection as far as we know.
If you use upload fields in your forms, make sure you don't allow files which can be executed server-side (PHP, phtml, or whatever other extension is parsed or executed).
It's just common sense, as with every other web app: never trust user input and always check it.
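One way to apply the upload rule above, as an added example that is not FormHandler code: an extension allowlist that rejects anything not explicitly permitted, including double extensions such as `name.php.jpg`, and stores accepted files under a server-generated name. The function names, the allowlist contents and the sample file names are assumptions constructed for illustration.

```php
<?php
// Added example, not part of FormHandler. All names here are hypothetical.
// Assumption: only these extensions are wanted by the application.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

// True only if the client-supplied name carries allow-listed extensions and nothing else.
function is_safe_upload_name(string $clientName): bool
{
    // Keep only the final path component, whichever separator the client used.
    $name = basename(str_replace('\\', '/', $clientName));

    // Reject empty names, dot-files (e.g. per-directory server config) and control bytes.
    if ($name === '' || $name[0] === '.' || preg_match('/[\x00-\x1f]/', $name)) {
        return false;
    }
    // Reject trailing dots or spaces, which some filesystems silently strip.
    if (rtrim($name, '. ') !== $name) {
        return false;
    }
    // Check every dot-separated suffix, not just the last one: some server
    // configurations map any matching suffix in the name to a handler.
    $parts = explode('.', strtolower($name));
    array_shift($parts);                 // drop the base name
    if ($parts === []) {
        return false;                    // no extension at all
    }
    foreach ($parts as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return false;
        }
    }
    return true;
}

// Server-generated storage name; call only after is_safe_upload_name() passed.
function stored_name(string $clientName): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, for illustration only.
$samples = ['photo.JPG', 'report.pdf', 'page.php', 'page.phtml',
            'page.php.jpg', '.htaccess', 'image.jpg.', 'notes'];
foreach ($samples as $n) {
    $ok = is_safe_upload_name($n);
    printf("%-14s %s\n", $n, $ok ? 'accept as ' . stored_name($n) : 'reject');
}
```

Checking every suffix is deliberately strict, so a name like `report.v2.pdf` is rejected too; serving the upload directory with script execution disabled is a complementary control.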