Excellent article; I have used all three types of tree representations before. In one project, we used a materialized path, and I kind of wish I'd thought to...
Technically, client-side validation is NOT enough; hackers can craft direct HTTP POSTs (or even use tools like Fiddler to make it childishly simple to intercept and re-write POST information). ...