Since alot of the coding in AJAX applications is done in javascript on the web browser, it is only natual to do user-input validation on the browser itself (client side). This could be a major security risk in AJAX application. 

Imagine we have a bank application where the user is able to transfer money from his account to a different one. Naturally, you wouldn't want to allow the user to enter a negative value in textbox where he inserts the amount of money to transfer (You can't give someone -100 dollars). with AJAX, it might seem natural to write a client-side javascript code to make sure the value enterted is positive. 

However, when submitting the form data back to the server it is very easy to intercept this data and change it (Proxies, MITM, etc...). So somewhere between the browser (client) and the server, the data has been modified to a negative value.

That is why it is VERY important to re-validate sensitive information on server side. Once the submitted data has already arrived to the server, it is much more difficult to intercept change it.