The QuarkRuby blog has created a great Ruby on Rails Security Guide that gives you a wealth of links to articles and plugins dealing with security in Rails applications. Everything from XSS to CSRF stuff is covered.