I would like to hear someone who is in favor of JS MVC explain how you deal with security.

If your controllers contain business logic and they are all JS then you have a security problem.

Or are people backing their controllers with other (non extjs ) controllers ?