I removed this blog post, because it was rewritten over here in the context of the new Model Validation feature.
The primary purpose of this original post — to highlight the security issues of under- and over-posting — is absolutely still valid. Model Validation does not absolve you from thinking about those issues. Go read that other post to understand why.
I have also closed the comments here, and encourage further comments to be made on the new blog post.