如何使我的GAE系统安全

I'm developing an iOS app that used GAE as a backend. The only sensitive data my app will transfer to GAE is login details, anything else that is transferred is not sensitive. I intend to use SSL for everything, just coz that seems most sensible to me - is there any reason not to? Also, I want some way of ensuring that my app is the only way that my GAE system can be accessed (ie nobody accessing it from the web/spoofing a client to look like mine) how do I go about this? I read something about public and private keys but wasn't exactly sure if it was relevant?I'm developing an iOS app that used GAE as a ba