How do i request customers some data (with a few fields that may be modified later on), store it inside a database after which show a few of the collected data towards the site customers to ensure that all the db contents aren't uncovered within the page source code?

Here is a complete example, following a page reload all of the information is visible within the page source:

import stdlib.crypto

type user= {md5sum: string; name: string; email: string; is_achy: bool }
db /users : stringmap(user);
db /users[_]/is_achy = {false}

setup_page()=
(
  <div id=#users>
    <div class="container">
    <table id=#lista >
    <tr>
      <th>Name</th>      
      <th>Headache?</th>      
    </tr>
    {list_db()}    
    </table>
    </div>
  </div>
  <div class="container">
    <p>
    Not on the list? Add it here.
    </p>
    <p>
    <input id=#username value="default"/>
    <input id=#email_address value="default@def.ault/>
    <input type="button" value="Add" onclick={_ -> add_user()} />
    </p>
  </div>
)

list_db()=
(  
  List.map(
    users -> <tr> <th>{users.name}</th> <th><input type="checkbox" id=#{users.md5sum} onclick={_ -> is_achy(users.md5sum)}/></th></tr>, StringMap.To.val_list(/users)
  )
)

add_user() =
(
  name = Dom.get_value(#username)
  md5sum = Crypto.Hash.md5(name)
  email = Dom.get_value(#email_address)  
  if name != "" then 
    do /users[md5sum] <- {~md5sum ~name ~email is_achy=false}
  Dom.transform([{Dom.select_body()} <- setup_page()])
)

is_achy(md5sum) =
(
  /users[md5sum]/is_achy <- Dom.is_checked(Dom.select_id(md5sum))

)

server = one_page_server("Achy head?", setup_page)

I am running underneath the assumption that what you're upset about would be that the emails may be seen in the sources, as the rest of the data you're exhibiting, therefore it is almost not a surprise that they're winding up around the client.

So why do your email reach the customer? I figured that marking the list_db work as server-side would resolve that but it is not the situation and to tell the truth, I am unsure why. I'm going to perform a little more digging or attempt to request somebody better informed than I'm. An easy (though not so acceptable) work-around is always to create a function that projects the user type into something that's required for the rendering within the browser and also to get this to projection around the server. It might look something similar to this:

@server users_data() =
(
  StringMap.map(user -> {md5sum=user.md5sum; name=user.name; is_achy=user.is_achy}, /users)
  |> StringMap.To.val_list
)

list_db()=
(
  render_user(user) =
    <tr>
      <th>{user.name}</th>
      <th><input type="checkbox" id=#{user.md5sum} onclick={_ -> is_achy(user.md5sum)}/></th>
    </tr>
  List.map(render_user, users_data())
)

You will find that the emails don't "leak" in to the client. I'll attempt to develop a much better answer though...