I've noticed a big shift toward more and more client-side Javascript code these days. Packages like Backbone.js and others perform validation, access control and more. Is this causing security risks and if so what risks should we be aware of? Is Javascript based validation a security risk?
It's a security risk if it isn't backed up with equivalent or stronger validation on the server side.
It can be very powerful as an ease-of-use feature to make the UX smoother, preventing tedious or jarring round-trips and page reloads, but you're quite right that you can't rely on it as a security feature.