If you want to leave your wiki freely editable by everyone, but are worried about Spam, see Spam.
To prevent cross-site scripting, Sputnik defaults to aggressive XSS Filtering. You can relax the rules or get rid of XSS filtering altogether if you wish.
If you want to control who can read or edit what nodes, see Permissions.
If you want to use alternative authentication systems, please see Authentication.
If you are worried about the security implications of the fact that users get to enter Lua code into Sputnik, see Sand Boxes on Lua-Users wiki. This is basically what Sputnik does. All code that is submitted by users, even admins, is run in a sandbox. That's part of the answer to the Why Lua? question.