How to secure an AJAX call from a Facebook canvas application
Reading this Ajax example,
http://wiki.developers.facebook.com/index.php/FBJS/Examples/Ajax#Working_Example
I found the following line. I'm not sure what to understand out of it. How do you "check the sig values per Platform spec"?
"Note: For brevity's sake we are trusting $_POST['fb_sig_user'] without checking the full signature. This is unsafe as anyone could easily forge a user's action. Always be sure to either use the Facebook object which is supplied with the client libraries, or check the sig values per Platform spec"
You are under the Facebook application platform; if there is any leak in security, it is the fault of their platform or API. In other words, you are already safe there.
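The check that the quoted note refers to, as an added example that is not part of the original posts, the wiki page, or Facebook's client library. It assumes the legacy Platform scheme, in which `fb_sig` is the MD5 of the sorted `key=value` pairs of all `fb_sig_*` parameters (prefix removed) followed by the application secret; the function names, secret and sample request are hypothetical.

```php
<?php
// Added example. Assumed scheme (legacy Facebook Platform):
//   fb_sig = md5( sorted "key=value" pairs of fb_sig_* params, prefix removed, + app secret )

// Collect the signed parameters, stripping the "fb_sig_" prefix.
function fb_sig_params(array $request): array
{
    $prefix = 'fb_sig_';
    $params = [];
    foreach ($request as $name => $value) {
        if (is_string($value) && strpos((string) $name, $prefix) === 0) {
            $params[substr($name, strlen($prefix))] = $value;
        }
    }
    return $params;
}

// Recompute the signature the platform would have sent for these parameters.
function fb_expected_sig(array $params, string $secret): string
{
    ksort($params, SORT_STRING);
    $base = '';
    foreach ($params as $key => $value) {
        $base .= $key . '=' . $value;
    }
    return md5($base . $secret);
}

// Return the user id only when the signature verifies, otherwise null.
function fb_verified_user(array $request, string $secret): ?string
{
    $params = fb_sig_params($request);
    if (!isset($request['fb_sig'], $params['user']) || !is_string($request['fb_sig'])) {
        return null;
    }
    // Constant-time comparison of the recomputed and the received signature.
    if (!hash_equals(fb_expected_sig($params, $secret), $request['fb_sig'])) {
        return null;
    }
    return $params['user'];
}

// Constructed sample request and secret, for illustration only.
$secret = 'example-app-secret';
$post = ['fb_sig_user' => '1234', 'fb_sig_time' => '1250000000.5', 'message' => 'hi'];
$post['fb_sig'] = fb_expected_sig(fb_sig_params($post), $secret);

var_dump(fb_verified_user($post, $secret)); // request exactly as signed
$post['fb_sig_user'] = '9999';               // user id altered after signing
var_dump(fb_verified_user($post, $secret)); // same signature, different parameters
```

Only the `fb_sig_*` values are covered by the signature; other POST fields, such as `message` in the sample, are not authenticated by it.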