You need to ensure that Address instances that are serialized by the XmlSerializer class meet the XML format requirements of the external data service
You need to ensure that the menu items are populated from an array of strings in your code-behind file
You need to display the user input in the Web page so that a cross-site scripting attack will be prevented