Section 3.4.1 (Top Level)

General
Use the backend access control mechanism(s) to ensure the user is authorized to access the requested function/data based on the supplied parameters. Audit/Log any access control failures.
ColdFusion

Use role-based security and access control to restrict access to your ColdFusion Components (CFCs). This is done with the roles and access attributes of the <cffunction> tag: access limits where a method can be invoked from (for example remote, public, package or private), and roles lists the roles a caller authenticated with <cflogin>/<cfloginuser> must hold before the method runs. Keep remote-accessible methods to the minimum needed, since anything marked access="remote" is reachable over HTTP.

Django

Model permissions granted through the contrib.admin application are table-wide: a user given add/change/delete permission on a model can act on every row in that table, not only the rows they own. To restrict this to objects owned by the requesting user, override the relevant ModelAdmin hooks: get_queryset() so the change list only shows the user's own objects, has_change_permission()/has_delete_permission() for per-object checks, and save_model() so the user cannot save an object that is not related to them. Filtering the change list alone is not enough, because the object's primary key arrives from the client in the request; the save path must re-check ownership and log any denial.
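The following is an added example, not code from the original page or from the Django project. It models in plain Python (no Django dependency) the pattern described above and in the General guideline: a change list filtered to the caller's own rows, a per-object permission check, a save path that re-validates the client-supplied primary key, and audit logging of every denial. The method names mirror the ModelAdmin hooks (get_queryset, has_change_permission, save_model); the User/Ticket records, the "ticket.change" permission string and the in-memory table are all constructed for the demo.

```python
"""Owner-scoped object authorization with audit logging (added example).

Plain-Python stand-in for the Django ModelAdmin overrides discussed above;
the data model, permission names and sample rows are constructed for the demo.
"""
import logging
from dataclasses import dataclass

log = logging.getLogger("access_control")


@dataclass(frozen=True)
class User:
    username: str
    is_superuser: bool = False
    perms: frozenset = frozenset()  # table-wide perms, e.g. {"ticket.change"}


@dataclass
class Ticket:
    pk: int
    owner: str
    title: str


class AuthzDenied(PermissionError):
    """Raised when the backend check rejects an action."""


# Constructed sample table: rows owned by two different users.
TICKETS = {
    1: Ticket(1, "alice", "VPN outage"),
    2: Ticket(2, "bob", "Printer jam"),
    3: Ticket(3, "alice", "Badge reader"),
}


class TicketAdmin:
    """Mirrors the three ModelAdmin hooks a practitioner would override."""

    def __init__(self, table):
        self.table = table
        self.audit = []  # (username, action, pk) for every denial

    def get_queryset(self, user):
        # Change list: only the caller's own rows; superusers see everything.
        if user.is_superuser:
            return list(self.table.values())
        return [t for t in self.table.values() if t.owner == user.username]

    def has_change_permission(self, user, obj=None):
        # Table-wide permission first, then the per-object ownership check.
        if not user.is_superuser and "ticket.change" not in user.perms:
            return False
        if obj is None:
            return True  # module-level question: "may this user change tickets at all?"
        return user.is_superuser or obj.owner == user.username

    def save_model(self, user, pk, new_title):
        # The pk comes from the request, so ownership is re-checked here even
        # though the change list never showed the caller other users' rows.
        obj = self.table.get(pk)
        if obj is None or not self.has_change_permission(user, obj):
            self.audit.append((user.username, "change", pk))
            log.warning("access denied: user=%s action=change ticket=%s",
                        user.username, pk)
            raise AuthzDenied(f"{user.username} may not change ticket {pk}")
        obj.title = new_title
        return obj


def make_admin():
    """Fresh admin over a copy of the sample table so runs stay independent."""
    return TicketAdmin({k: Ticket(t.pk, t.owner, t.title) for k, t in TICKETS.items()})


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    admin = make_admin()
    alice = User("alice", perms=frozenset({"ticket.change"}))
    bob = User("bob", perms=frozenset({"ticket.change"}))
    print("alice sees:", [t.pk for t in admin.get_queryset(alice)])
    try:
        admin.save_model(bob, 1, "tampered")  # bob guessed alice's pk
    except AuthzDenied as exc:
        print("denied:", exc)
```

The point of keeping the check in save_model rather than only in get_queryset is that hiding rows from the change list is a UI convenience, not a control: an attacker who knows or guesses a primary key submits it directly, and only the backend re-check on the supplied parameter stops the write.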

Java

If you use backend access control, consider the standard Java EE (formerly J2EE) approach: the isUserInRole() and getUserPrincipal() methods of HttpServletRequest. Role membership is coarse-grained; it tells you what kind of user is calling, not whether that user is entitled to the specific record named by a request parameter, so pair the role check with an ownership or data-scope check in the backend and log every failure.

Natural Webagent

For logging, consider using Log4Natural.

PHP

Where it is still available, use safe_mode only as one layer of defence in depth; do not rely on it alone for security. Note that safe_mode was deprecated in PHP 5.3 and removed in PHP 5.4, so on current PHP versions it provides nothing and access control must be implemented in the application itself.