Remember CodeIgniter is a development Framework. It doesn't strive to make you're application secure. It merely gives you the tools to do it yourself. If you look at CI's Security page, it pretty clear they are expecting the developer to understand Application Security and build it into their application.
If WebApp security is relatively new for you, I would start with OWASP. It might be advantageous to look at look other frameworks such as Zend or Cake which I believe do more upfront things
|array of user input
|insert array of user input in
xss_filter($array of user input)