Created a secured, public app

Created a secured, public app

Zoho Users,
I think I've succeeded in creating a secured, public app using Creator.
It's at http://www.officeswap.com . I refer to it as an "indirectly secured" app in that it uses Zoho logins, not my own. So it has one clunky step.
I'm interested in any comments but especially:
1) Try to break it... meaning prove you can change data or use it to send an email to a post-er without logging in.
2) I saw a thread about passing parameters between pages. Has anyone used this or other techniques to directly control security/accounts with your own zoho user table?
Thanks, www.jackbellis.com