As with your other web applications, you should follow security guidelines in Angular 2 applications as well.
Here are some basic guidelines to mitigate the security risks:
1. Consider using AOT compilation.
2. Try to avoid using or injecting dynamic HTML content into your components.
3. Try to avoid using external URLs if not trusted.
4. Try to prevent XSRF attacks by restricting the REST APIs.
If you are using external resources such as HTML or CSS that come from outside the application, follow best practices and keep your app clean.
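One way to restrict a REST API against XSRF, as guideline 4 suggests, is a double-submit check on the server. The following is an added example, not code from the original page; the `ApiRequest` shape, the `checkXsrf` function and the minimum token length are assumptions, while `XSRF-TOKEN` and `X-XSRF-TOKEN` are Angular's default cookie and header names.

```typescript
// Added example: framework-agnostic double-submit XSRF check for a REST API.
// Angular's HTTP client reads the XSRF-TOKEN cookie and echoes it in the
// X-XSRF-TOKEN header; the API accepts a state-changing call only if both match.

interface ApiRequest {              // hypothetical minimal request shape
  method: string;
  headers: Record<string, string>;  // header names lower-cased
  cookies: Record<string, string>;
}

const SAFE_METHODS = ["GET", "HEAD", "OPTIONS"]; // must never change state
const MIN_TOKEN_LENGTH = 16;                     // assumed minimum, tune to your tokens

// Compare two strings without returning early at the first differing character.
function constantTimeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Returns the HTTP status the API should use: 200 to proceed, 403 to reject.
function checkXsrf(req: ApiRequest): number {
  if (SAFE_METHODS.indexOf(req.method.toUpperCase()) !== -1) return 200;
  const cookieToken = req.cookies["XSRF-TOKEN"] || "";
  const headerToken = req.headers["x-xsrf-token"] || "";
  if (cookieToken.length < MIN_TOKEN_LENGTH) return 403; // missing or too short
  return constantTimeEqual(cookieToken, headerToken) ? 200 : 403;
}

// Constructed sample requests (not real traffic).
const token = "constructed-sample-token-0001";
const fromApp: ApiRequest = {
  method: "POST",
  headers: { "x-xsrf-token": token },
  cookies: { "XSRF-TOKEN": token },
};
// A cross-site request carries the cookie but lacks the custom header.
const crossSite: ApiRequest = { method: "POST", headers: {}, cookies: { "XSRF-TOKEN": token } };
const readOnly: ApiRequest = { method: "GET", headers: {}, cookies: {} };

console.log(checkXsrf(fromApp), checkXsrf(crossSite), checkXsrf(readOnly));
```

The check only helps if GET, HEAD and OPTIONS handlers never modify data and the token is unpredictable per session.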