With regards to minimizing say the CSS and JQuery files for the backend of FUEL CMS, their is a fuel configuration parameter you can set in fuel/applications/config/MY_fuel.php of "$config['fuel_assets_output']" that can have the options of "TRUE, FALSE, inline, gzip, whitespace, or combine". For it to work, you will need to have a writable "cache" folder in all the modules (e.g. fuel/modules/{module}/assets/cache/). A little more can be found here:
http://www.getfuelcms.com/user_guide/libraries/asset

With regards to deployment and security, there are several options provided:
http://www.getfuelcms.com/user_guide/general/security

With regards to XSS and SQL Injection/SPAM, FUEL CMS uses the xss_clean and active record database classes of CodeIgniter (which have preventative SQL injection measures built into it) to help prevent such things. However, any custom development in the CMS should do the same to prevent it as well.