I'd replace the field validation with a script trigger controlled script. This will give you full control of the process where you check for data entry problems, what error messages are displayed and what options for correcting the issue are permitted.
To keep users from accidentally accessing a record for which they should not have access, I'd also set up the users' account privileges to limit their access to only those records that they are permitted to access.
See "Editing record access privileges" in FileMaker Help and check out this particular sub section: "Entering a formula for limiting access on a record-by-record basis" for a description of how to set this up.
Thanks, yet again Phil. Question: does WebDirect now support event triggers like leaving a field? I was told that FM12 IWP did not.
The idea of editing the permissions is good. Except that these records are one to one with the client (aka these are profile records) so I am not really sure I want to make a permission set for each and every one of the clients (2000+)
It is my understanding that support for some triggers is now possible in WebDirect, but I could easily be wrong.
Another option that does not require triggers is to use a layout of global fields for creating a new record or editing an existing one. A save button on the layout would set the contents of fields from either a new or existing record to the contents of the global fields after first doing any needed validation checks on the contents of those fields. Since no new record is yet created, there's nothing to revert.