You should run at least a minimum set of security checks before releasing a Rails app to the public. Possible threats include hijacking user accounts, manipulating access control, accessing sensitive data, and tampering with content by inserting garbage. You should act proactively to protect your valuable information.
Here are some useful security tips that you cannot ignore. Courtesy: Ruby on Rails Security Guide.
Don't trust logged-in users (Authentication != Authorization)
Always check whether the currently logged-in user is allowed to perform an operation such as create, update, delete or view.
Devise, a library that handles authentication, verifies that you can only get to the destroy action if you're logged in. However, Devise does not handle authorization.
In addition to authentication, authorization must be checked before allowing any data-sensitive operation.
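
The distinction above, as an added example that is not from the Rails Security Guide or from Devise: a plain-Ruby sketch in which a logged-in check alone would let any user reach `destroy`, and a per-record policy then decides view, update and delete. `User`, `Post`, `PostPolicy`, `perform` and the owner-or-admin rule are hypothetical names and assumptions chosen for illustration.

```ruby
# Plain-Ruby sketch (runs without Rails or Devise); every name here is hypothetical.
User = Struct.new(:id, :admin)
Post = Struct.new(:id, :owner_id, :published)

class NotAuthenticated < StandardError; end
class NotAuthorized < StandardError; end

# One predicate per sensitive operation; assumed rule: owner or admin only.
class PostPolicy
  def initialize(user, post)
    @user = user
    @post = post
  end

  def show?
    @post.published || owner_or_admin?
  end

  def update?
    owner_or_admin?
  end

  def destroy?
    owner_or_admin?
  end

  private

  def owner_or_admin?
    @user.admin || @post.owner_id == @user.id
  end
end

ACTIONS = %i[show update destroy].freeze

# Stand-in for a controller action: authenticate first, then authorize the record.
def perform(action, current_user, post)
  raise ArgumentError, "unknown action #{action}" unless ACTIONS.include?(action)
  raise NotAuthenticated, "log in first" if current_user.nil? # all a login check covers
  allowed = PostPolicy.new(current_user, post).public_send("#{action}?")
  raise NotAuthorized, "#{action} denied for user #{current_user.id}" unless allowed
  :ok
end

# Constructed sample data.
ALICE = User.new(1, false)
BOB   = User.new(2, false)
ADMIN = User.new(3, true)
DRAFT = Post.new(10, ALICE.id, false)
```

In a Rails controller the same two steps would typically be a `before_action` for the login check followed by a policy call on the loaded record inside each action.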