AngularJS provide following built-in protection from basic security holes:
1. Prevent HTML injection attacks.
2. Prevent Cross-Site-Scripting (CSS) attacks.
3. Prevent XSRF protection for server side communication.

Also, AngularJS is designed to be compatible with other security measures like Content Security Policy (CSP), HTTPS (SSL/TLS) and server-side authentication and authorization that greatly reduce the possible attacks.

Configuration block – This block is executed during the provider registration and configuration phase. Only providers and constants can be injected into configuration blocks. This block is used to inject module wise configuration settings to prevent accidental instantiation of services before they have been fully configured. This block is created using config() method.
angular.module('myModule', []).config(function (injectables) {
  // provider-injector 
  // This is an example of config block. 
  // You can have as many of these as you want. 
  // You can only inject Providers (not instances) 
  // into config blocks. 
}).run(function (injectables) { 
  // instance-injector 
  // This is an example of a run block. 
  // You can have as many of these as you want.
 // You can only inject instances (not Providers)
 // into run blocks 
});
Run block – This block is executed after the configuration block. It is used to inject instances and constants. This block is created using run() method. This method is like as main method in C or C++.
The run block is a great place to put event handlers that need to be executed at the root level for the application. For example, authentication handlers.

AngularJS is a MVC framework. It does not implement MVC in the traditional way, but rather something closer to MVVM Model-View-ViewModel).

AngularJS provides you built-in validation directives to validate form client side. This makes your life pretty easy to handle client-side form validations without adding a lot of extra effort. AngularJS form validations are based on the HTML5 form validators.

AngularJS directives for form validation
Here is a list of AngularJS directive which can be applied on an input field to validate its value.
<input type="text"
   ng-model="{ string }"
   [name="{ string }"] 
   [ng-required="{ boolean }"] 
   [ng-minlength="{ number }"] 
   [ng-maxlength="{ number }"] 
   [ng-pattern="{ string }"] 
   [ng-change="{ string }"]> 
</input>

A service is a reusable singleton object which is used to organize and share code across your app. A service can be injected into controllers, filters, directives.

AngularJS offers several built-in services (like $http, $provide, $resource, $window, $parse) which always start with $ sign.