Potential for SQL injection here?
Posted by Matt Greer on Stack Overflow
        Published on 2010-06-10T15:02:45Z
This may be a really dumb question but I figure why not...
I am using RIA Services with Entity Framework as the back end. I have some places in my app where I accept user input and directly ask RIA Services (and in turn EF and in turn my database) questions using their data. Do any of these layers help prevent security issues or should I scrub my data myself?
For example, whenever a new user registers with the app, I call this method:
[Query]
public IEnumerable<EmailVerificationResult> VerifyUserWithEmailToken(string token)
{
    using (UserService userService = new UserService())
    {
        // token came straight from the user, am I in trouble here passing it directly into
        // my DomainService, should I verify the data here (or in UserService)?
        User user = userService.GetUserByEmailVerificationToken(token);
        ...
    }
}
(And whether I should be rolling my own user verification system is another issue altogether; we are in the process of adopting MS's membership framework. I'm more interested in SQL injection and RIA Services in general.)
© Stack Overflow or respective owner