If you're never going to connect to Bitcoind, then how do you propose to communicate with it?
You put bitcoind on a secure server, expose the RPC port to the internal network, set up iptables and bitcoin.conf to only allow communication to/from that IP address. That's pretty much the extent of it - the bitcoind process is a fairly simple system in so far as communicating with it goes. You can do all the validation and sanitizing you want on the middlebox (or webserver as the case may be), but in the end, you're still going to have to go through RPC to make use of bitcoind, unless you want to write your own software to manipulate wallet.dat and the blockchain... but at that point, we are really beyond the scope of discussion.
I'm not sure what validation and sanitizing you need to do, though, since you should never be passing any sort of user input through the RPC calls to begin with. I can't think of any reason or instance where you'd want to do this, with the exception of a user's BTC address, which can be easily validated prior to passing it along. All other interaction should be pre-defined in your code, and even the user's address can be predefined insofar as it's stored/validated/vetted/sanitized prior to storing it in the DB.
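As an added example, not code from the thread or from Bitcoin Core, here is what the "easily validated" address check above can look like before a user-supplied address is stored or handed to an RPC call. It assumes mainnet Base58Check addresses only (P2PKH version byte 0x00, P2SH version byte 0x05); bech32 addresses are outside what this block handles, and the sample addresses are the well-known genesis coinbase address plus strings constructed here for the failure cases.

```python
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Assumption for this example: accept mainnet Base58Check addresses only.
MAINNET_P2PKH = 0x00
MAINNET_P2SH = 0x05
ALLOWED_VERSIONS = (MAINNET_P2PKH, MAINNET_P2SH)


def _double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def b58decode(s: str) -> bytes:
    """Decode a Base58 string to bytes, restoring leading 0x00 bytes (encoded as '1')."""
    n = 0
    for ch in s:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def b58check_encode(version: int, payload: bytes) -> str:
    """Encode version || payload || 4-byte checksum as Base58Check."""
    raw = bytes([version]) + payload
    raw += _double_sha256(raw)[:4]
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58_ALPHABET[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def validate_address(addr, allowed_versions=ALLOWED_VERSIONS) -> bytes:
    """Return the 20-byte hash160 if addr is a well-formed, allowed address.

    Raises ValueError on anything else, so nothing unvalidated reaches RPC.
    """
    if not isinstance(addr, str) or not (26 <= len(addr) <= 35):
        raise ValueError("address must be a string of 26 to 35 characters")
    raw = b58decode(addr)
    if len(raw) != 25:
        raise ValueError("decoded Base58Check payload must be 25 bytes")
    version, payload, checksum = raw[0], raw[1:21], raw[21:]
    if _double_sha256(raw[:21])[:4] != checksum:
        raise ValueError("checksum mismatch")
    if version not in allowed_versions:
        raise ValueError(f"unexpected version byte 0x{version:02x}")
    return payload


def is_valid_address(addr) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        validate_address(addr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # The genesis coinbase address is a real, well-known mainnet P2PKH address.
    for candidate in ("1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",
                      "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb",   # constructed: last char changed
                      "0A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"):  # constructed: '0' is not Base58
        print(candidate, "->", is_valid_address(candidate))
```

The version-byte check matters as much as the checksum: a testnet address (version 0x6f) is perfectly well-formed Base58Check, so a checksum-only validator would happily store it and later pass it to a mainnet node.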