mysql isn't very good for a non-blocking server. Node is a great tool. There are a fair amount of frameworks/modules and we're starting to see more and more node.js applications. As far as security goes, you're on your own. Building the server, implementing security, and protecting your server's code is up to you. If you tell Node.JS to serve your entire file-system and allow people to upload files everywhere, then you get what you expect- everyone can mess up your server. If you download node.js, you just get a language to code in and the node tools- not a web server with any possible security risks.
You also need to think about things like finding a good framework that implements HTTP standards correctly. Or if you'd rather read the fine print, do it yourself. With that said, be sure to research security in the frameworks you choose. I'm sure somebody implemented something badly, but I couldn't tell you which of the 1000s of modules is secure and which isn't. I believe the NPM repository is said to be clear of malware, I don't think integrity is a guarantee though.