Since node.js is based on javascript, and since javascript is highly dynamic language, doesn't it mean that code injection on server side is even more dangerous than java or asp.net ?
Any language which allows you to easily evaluate a string as a line of code has inherent security risks. In this respect NodeJS is no worse than anything written in Javascript or PHP.
Even if you write your code in Java, or ASP a naive web programmer may still suffer an SQL injection attack if they are not careful and code injection is only one way in which an application may be compromised.
The key is to carefully filter any input from the user and think very carefully before using eval or writing self modifying code.
You will always need to validate user input in your server side code regardless of the technology choice.
For node.js there are libraries that helps you do this such as node-validator https://github.com/chriso/node-validator