Secure Vaadin Application

Hello, I’m new in Vaadin and have a question regarding the improvement of application security.

Let’s say you have an https secured Vaadin application with a login form. This login form (with two fields: username/password) is prevented from SQL-Injections and properly implemented using setUser(…) and so forth.

The usernames and passwords of registered users are saved as hashed values in a server-side database. After successful authentication (checking username/password as hash values) over https the Vaadin application starts opening the real databases with potentially confidential information and returning some user interfaces with this data.

The business logic of the application is not used by any other service and is only available within this Vaadin application. The successful logged-in-users are considered as trustworthy (there will be only a few of them).

Is there any need to secure the Java web application using JavaEE like described in this article here
Creating Secure Vaadin Applications using JEE6
?