diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..4105fb9
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,47 @@
+# ========================================
+# FIREBASE ENVIRONMENT VARIABLES TEMPLATE
+# ========================================
+# 
+# ARCHITECTURE:
+# - These variables are stored in .env (server-side)
+# - Server endpoint /api/config serves them to client
+# - Client loads via scripts/env.js before Firebase initialization
+# - Never expose .env to public repository
+#
+# SETUP INSTRUCTIONS:
+# 1. Copy this file: cp .env.example .env
+# 2. Get your Firebase project config from Firebase Console
+# 3. Fill in your actual values below
+# 4. NEVER push .env file to GitHub (it's in .gitignore)
+# 5. Each developer/environment needs their own .env file
+# 6. Server must be running for client to fetch config via /api/config
+#
+# ========================================
+
+# API Key - Allows app to connect to your Firebase project
+# Get from: Firebase Console > Project Settings > Web App Config
+VITE_FIREBASE_API_KEY=your_firebase_api_key_here
+
+# Auth Domain - Used for user login/signup
+# Format: your-project-name.firebaseapp.com
+VITE_FIREBASE_AUTH_DOMAIN=your_project_id.firebaseapp.com
+
+# Project ID - Unique identifier for your Firebase project
+# Get from: Firebase Console > Project Settings
+VITE_FIREBASE_PROJECT_ID=your_project_id
+
+# Storage Bucket - Where user files are stored
+# Format: your-project-name.firebasestorage.app
+VITE_FIREBASE_STORAGE_BUCKET=your_project_id.firebasestorage.app
+
+# Messaging Sender ID - For push notifications (if used)
+# Get from: Firebase Console > Project Settings
+VITE_FIREBASE_MESSAGING_SENDER_ID=your_messaging_sender_id
+
+# App ID - Identifies this web app in Firebase
+# Format: 1:number:web:random-id
+VITE_FIREBASE_APP_ID=1:your_app_id:web:your_web_app_id
+
+# Measurement ID - For Google Analytics (optional)
+# Get from: Firebase Console > Google Analytics settings
+VITE_FIREBASE_MEASUREMENT_ID=G-your_measurement_id
diff --git a/.gitignore b/.gitignore
index e50905a..773b7b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,7 +8,6 @@ yarn-error.log
 .env
 .env.local
 .env.*.local
-env.js
 
 # IDE
 .vscode/
diff --git a/contact.html b/contact.html
index 953dd58..29af812 100644
--- a/contact.html
+++ b/contact.html
@@ -344,6 +344,38 @@
     .contact-form button:hover {
       background: #764ba2;
     }
+    .contact-form .form-group {
+      display: flex;
+      flex-direction: column;
+      gap: 0.3rem;
+      position: relative;
+    }
+    .contact-form .form-help,
+    .contact-form .error-message {
+      font-size: 0.85rem;
+      margin-top: 0.2rem;
+    }
+    .contact-form .form-help {
+      color: #aab4e8;
+    }
+    .contact-form .error-message {
+      color: #ff6b6b;
+      display: none;
+    }
+    .contact-form .form-group.has-error .error-message {
+      display: block;
+    }
+    .contact-form .form-group.has-error input,
+    .contact-form .form-group.has-error textarea {
+      border-color: #ff6b6b;
+      box-shadow: 0 0 0 3px rgba(255, 107, 107, 0.1);
+    }
+    .contact-form .message-counter {
+      font-size: 0.85rem;
+      color: #aab4e8;
+      text-align: right;
+      margin-top: 0.2rem;
+    }
     .contact-details {
       margin-top: 2.5rem;
       color: #e4e8f7;
@@ -500,11 +532,24 @@ <h1>Contact Us</h1>
       <p>
         We'd love to hear from you! Fill out the form below and our team will get back to you soon.
       </p>
-      <form class="contact-form" autocomplete="off">
-        <input type="text" name="name" placeholder="Your Name" required>
-        <input type="email" name="email" placeholder="Your Email" required>
-        <textarea name="message" rows="5" placeholder="Your Message" required></textarea>
-        <button type="submit">Send Message</button>
+      <form id="contact-form" class="contact-form" autocomplete="off" novalidate>
+        <div class="form-group">
+          <input type="text" id="contact-name" name="name" placeholder="Your Name" minlength="2" maxlength="50" required aria-describedby="nameHelp">
+          <small id="nameHelp" class="form-help">Full name (2-50 characters)</small>
+          <span class="error-message" id="nameError"></span>
+        </div>
+        <div class="form-group">
+          <input type="email" id="contact-email" name="email" placeholder="Your Email" required aria-describedby="emailHelp">
+          <small id="emailHelp" class="form-help">Valid email address</small>
+          <span class="error-message" id="emailError"></span>
+        </div>
+        <div class="form-group">
+          <textarea id="contact-message" name="message" rows="5" placeholder="Your Message" minlength="10" maxlength="1000" required aria-describedby="messageHelp"></textarea>
+          <small id="messageHelp" class="form-help">Your message (10-1000 characters)</small>
+          <span class="error-message" id="messageError"></span>
+          <div class="message-counter"><span id="messageCount">0</span>/1000</div>
+        </div>
+        <button type="submit" id="contactSubmitBtn">Send Message</button>
       </form>
       <div class="contact-details">
         <p><strong>Email:</strong> <a href="mailto:support@venturalink.com">support@venturalink.com</a></p>
@@ -549,34 +594,146 @@ <h2 id="modalTitle"></h2>
   <script src="scripts/cursor.js"></script>
 
   <script>
-    const form = document.querySelector('.contact-form');
+    const form = document.getElementById('contact-form');
+    const nameInput = document.getElementById('contact-name');
+    const emailInput = document.getElementById('contact-email');
+    const messageInput = document.getElementById('contact-message');
+    const messageCount = document.getElementById('messageCount');
     const modal = document.getElementById('notificationModal');
     const modalTitle = document.getElementById('modalTitle');
     const modalMessage = document.getElementById('modalMessage');
     const closeModal = document.getElementById('closeModal');
+    const submitBtn = document.getElementById('contactSubmitBtn');
+
+    // Validation functions
+    function validateName(value) {
+      return value && value.trim().length >= 2 && value.trim().length <= 50;
+    }
+
+    function validateEmail(value) {
+      const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+      return value && emailRegex.test(value);
+    }
 
-    // Simulated backend (replace later with actual API)
-    async function submitForm(data) {
-      return new Promise((resolve, reject) => {
-        setTimeout(() => {
-          Math.random() > 0.2 ? resolve({ ok: true }) : reject();
-        }, 1000);
-      });
+    function validateMessage(value) {
+      return value && value.trim().length >= 10 && value.trim().length <= 1000;
     }
 
+    function showFieldError(fieldId, errorId, message) {
+      const field = document.getElementById(fieldId);
+      const errorElement = document.getElementById(errorId);
+      const formGroup = field.closest('.form-group');
+      
+      formGroup.classList.add('has-error');
+      errorElement.textContent = message;
+    }
+
+    function clearFieldError(fieldId, errorId) {
+      const field = document.getElementById(fieldId);
+      const errorElement = document.getElementById(errorId);
+      const formGroup = field.closest('.form-group');
+      
+      formGroup.classList.remove('has-error');
+      errorElement.textContent = '';
+    }
+
+    // Character counter for message
+    messageInput.addEventListener('input', () => {
+      messageCount.textContent = messageInput.value.length;
+      
+      if (messageInput.value.length > messageInput.maxLength * 0.8) {
+        messageCount.style.color = '#ffa500';
+      } else if (messageInput.value.length > messageInput.maxLength * 0.95) {
+        messageCount.style.color = '#ff6b6b';
+      } else {
+        messageCount.style.color = '#aab4e8';
+      }
+    });
+
+    // Real-time validation
+    nameInput.addEventListener('blur', () => {
+      if (!nameInput.value) {
+        showFieldError('contact-name', 'nameError', 'Name is required');
+      } else if (!validateName(nameInput.value)) {
+        showFieldError('contact-name', 'nameError', 'Name must be between 2-50 characters');
+      } else {
+        clearFieldError('contact-name', 'nameError');
+      }
+    });
+
+    emailInput.addEventListener('blur', () => {
+      if (!emailInput.value) {
+        showFieldError('contact-email', 'emailError', 'Email is required');
+      } else if (!validateEmail(emailInput.value)) {
+        showFieldError('contact-email', 'emailError', 'Please enter a valid email address');
+      } else {
+        clearFieldError('contact-email', 'emailError');
+      }
+    });
+
+    messageInput.addEventListener('blur', () => {
+      if (!messageInput.value) {
+        showFieldError('contact-message', 'messageError', 'Message is required');
+      } else if (!validateMessage(messageInput.value)) {
+        showFieldError('contact-message', 'messageError', 'Message must be between 10-1000 characters');
+      } else {
+        clearFieldError('contact-message', 'messageError');
+      }
+    });
+
+    // Form submission
     form.addEventListener('submit', async (e) => {
       e.preventDefault();
-      const formData = new FormData(form);
-      const data = Object.fromEntries(formData.entries());
+
+      // Validate all fields
+      let isFormValid = true;
+
+      if (!validateName(nameInput.value)) {
+        showFieldError('contact-name', 'nameError', 'Name must be between 2-50 characters');
+        isFormValid = false;
+      } else {
+        clearFieldError('contact-name', 'nameError');
+      }
+
+      if (!validateEmail(emailInput.value)) {
+        showFieldError('contact-email', 'emailError', 'Please enter a valid email address');
+        isFormValid = false;
+      } else {
+        clearFieldError('contact-email', 'emailError');
+      }
+
+      if (!validateMessage(messageInput.value)) {
+        showFieldError('contact-message', 'messageError', 'Message must be between 10-1000 characters');
+        isFormValid = false;
+      } else {
+        clearFieldError('contact-message', 'messageError');
+      }
+
+      if (!isFormValid) return;
+
+      // Submit form
+      submitBtn.disabled = true;
+      submitBtn.textContent = 'Sending...';
 
       try {
-        const response = await submitForm(data);
-        if (response.ok) {
-          form.reset();
-          showModal("Success!", "Your message has been sent successfully!");
-        }
+        const formData = new FormData(form);
+        const data = Object.fromEntries(formData.entries());
+
+        // Simulated backend call (replace with actual API)
+        await new Promise((resolve, reject) => {
+          setTimeout(() => {
+            Math.random() > 0.2 ? resolve({ ok: true }) : reject();
+          }, 1000);
+        });
+
+        form.reset();
+        messageCount.textContent = '0';
+        showModal('Success!', 'Your message has been sent successfully! We will get back to you soon.');
       } catch (error) {
-        showModal("Error", "Something went wrong, please try again.");
+        showModal('Error', 'Something went wrong, please try again.');
+      } finally {
+        submitBtn.disabled = false;
+        submitBtn.textContent = 'Send Message';
       }
     });
 
diff --git a/create-proposal.html b/create-proposal.html
index 28759aa..b7b7fa4 100644
--- a/create-proposal.html
+++ b/create-proposal.html
@@ -134,8 +134,9 @@ <h2>Basic Information</h2>
 
                         <div class="form-grid">
                             <div class="form-group floating-label">
-                                <input type="text" id="title" name="title" required placeholder=" ">
+                                <input type="text" id="title" name="title" required placeholder="e.g., TechFlow Solutions" aria-describedby="titleHelp" tabindex="1">
                                 <label for="title">Business Name / Title</label>
+                                <small id="titleHelp" class="field-help">Enter your business name or startup title</small>
                                 <div class="input-border"></div>
                                 <div class="field-icon">
                                     <svg width="18" height="18" fill="currentColor" viewBox="0 0 24 24">
@@ -145,7 +146,7 @@ <h2>Basic Information</h2>
                             </div>
 
                             <div class="form-group custom-select">
-                                <select id="category" name="category" required>
+                                <select id="category" name="category" required aria-describedby="categoryHelp" tabindex="2">
                                     <option value="">Select a category</option>
                                     <option value="technology">🚀 Technology</option>
                                     <option value="healthcare">🏥 Healthcare</option>
@@ -156,6 +157,7 @@ <h2>Basic Information</h2>
                                     <option value="other">🔧 Other</option>
                                 </select>
                                 <label for="category">Business Category</label>
+                                <small id="categoryHelp" class="field-help">Select the industry your business operates in</small>
                                 <div class="select-arrow">
                                     <svg width="18" height="18" fill="currentColor" viewBox="0 0 24 24">
                                         <path d="M7 10l5 5 5-5z"/>
@@ -181,21 +183,21 @@ <h2>Business Details</h2>
 
                         <div class="form-grid">
                             <div class="form-group floating-label full-width">
-                                <textarea id="description" name="description" required rows="4" placeholder=" "></textarea>
+                                <textarea id="description" name="description" required rows="4" placeholder="Describe your business, vision, and what makes it unique..." maxlength="500"></textarea>
                                 <label for="description">Business Description</label>
                                 <div class="input-border"></div>
                                 <div class="char-counter" data-target="description" data-max="500">0/500</div>
                             </div>
 
                             <div class="form-group floating-label">
-                                <textarea id="problem" name="problem" required rows="3" placeholder=" "></textarea>
+                                <textarea id="problem" name="problem" required rows="3" placeholder="What specific problem does your business solve?" maxlength="300"></textarea>
                                 <label for="problem">Problem Statement</label>
                                 <div class="input-border"></div>
                                 <div class="char-counter" data-target="problem" data-max="300">0/300</div>
                             </div>
 
                             <div class="form-group floating-label">
-                                <textarea id="solution" name="solution" required rows="3" placeholder=" "></textarea>
+                                <textarea id="solution" name="solution" required rows="3" placeholder="How does your solution address the problem?" maxlength="300"></textarea>
                                 <label for="solution">Your Solution</label>
                                 <div class="input-border"></div>
                                 <div class="char-counter" data-target="solution" data-max="300">0/300</div>
@@ -219,21 +221,21 @@ <h2>Investment Details</h2>
 
                         <div class="form-grid">
                             <div class="form-group floating-label currency-input">
-                                <input type="number" id="amount" name="amount" required min="1000" placeholder=" ">
+                                <input type="text" id="amount" name="amount" required placeholder="e.g., 500000" data-currency="true">
                                 <label for="amount">Investment Amount Needed</label>
                                 <div class="currency-symbol">$</div>
                                 <div class="input-border"></div>
                             </div>
 
                             <div class="form-group floating-label percentage-input">
-                                <input type="number" id="equity" name="equity" min="0" max="100" placeholder=" ">
+                                <input type="number" id="equity" name="equity" min="0" max="100" placeholder="e.g., 10">
                                 <label for="equity">Equity Offered</label>
                                 <div class="percentage-symbol">%</div>
                                 <div class="input-border"></div>
                             </div>
 
                             <div class="form-group floating-label full-width">
-                                <textarea id="useOfFunds" name="useOfFunds" required rows="3" placeholder=" "></textarea>
+                                <textarea id="useOfFunds" name="useOfFunds" required rows="3" placeholder="How will you use the investment funds? (R&D, Marketing, Operations, etc.)" maxlength="400"></textarea>
                                 <label for="useOfFunds">Use of Funds</label>
                                 <div class="input-border"></div>
                                 <div class="char-counter" data-target="useOfFunds" data-max="400">0/400</div>
@@ -257,21 +259,21 @@ <h2>Additional Information</h2>
 
                         <div class="form-grid">
                             <div class="form-group floating-label">
-                                <textarea id="marketSize" name="marketSize" rows="2" placeholder=" "></textarea>
+                                <textarea id="marketSize" name="marketSize" rows="2" placeholder="Estimate your addressable market size and growth potential..." maxlength="250"></textarea>
                                 <label for="marketSize">Market Size & Potential</label>
                                 <div class="input-border"></div>
                                 <div class="char-counter" data-target="marketSize" data-max="250">0/250</div>
                             </div>
 
                             <div class="form-group floating-label">
-                                <textarea id="competitors" name="competitors" rows="2" placeholder=" "></textarea>
+                                <textarea id="competitors" name="competitors" rows="2" placeholder="Who are your competitors and what makes your solution different?" maxlength="250"></textarea>
                                 <label for="competitors">Competitive Landscape</label>
                                 <div class="input-border"></div>
                                 <div class="char-counter" data-target="competitors" data-max="250">0/250</div>
                             </div>
 
                             <div class="form-group floating-label full-width">
-                                <textarea id="timeline" name="timeline" rows="2" placeholder=" "></textarea>
+                                <textarea id="timeline" name="timeline" rows="2" placeholder="Outline key milestones and timeline for achieving your business goals..." maxlength="300"></textarea>
                                 <label for="timeline">Business Timeline & Milestones</label>
                                 <div class="input-border"></div>
                                 <div class="char-counter" data-target="timeline" data-max="300">0/300</div>
@@ -338,6 +340,7 @@ <h2>Additional Information</h2>
             })();
         </script>
 
+    <script src="./scripts/env.js"></script>
     <script type="module" src="./scripts/create-proposal.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/forgot-password.html b/forgot-password.html
index d368a97..17b4155 100644
--- a/forgot-password.html
+++ b/forgot-password.html
@@ -138,6 +138,7 @@ <h1 class="auth-title">Forgot Password</h1>
     </main>
 
     <!-- External Script -->
+    <script src="./scripts/env.js"></script>
     <script type="module" src="scripts/forgot-password.js" defer></script>
   </body>
 </html>
diff --git a/package-lock.json b/package-lock.json
index ec479e7..ff95151 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,7 +12,10 @@
         "@google/generative-ai": "^0.21.0",
         "cors": "^2.8.5",
         "dotenv": "^16.4.5",
-        "express": "^5.1.0"
+        "express": "^5.1.0",
+        "express-rate-limit": "^7.4.1",
+        "express-validator": "^7.2.0",
+        "helmet": "^8.0.0"
       }
     },
     "node_modules/@google/generative-ai": {
@@ -301,6 +304,34 @@
         "url": "https://opencollective.com/express"
       }
     },
+    "node_modules/express-rate-limit": {
+      "version": "7.5.1",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.1.tgz",
+      "integrity": "sha512-7iN8iPMDzOMHPUYllBEsQdWVB6fPDMPqwjBaFrgr4Jgr/+okjvzAy+UHlYYL/Vs0OsOrMkwS6PJDkFlJwoxUnw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 16"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/express-rate-limit"
+      },
+      "peerDependencies": {
+        "express": ">= 4.11"
+      }
+    },
+    "node_modules/express-validator": {
+      "version": "7.3.1",
+      "resolved": "https://registry.npmjs.org/express-validator/-/express-validator-7.3.1.tgz",
+      "integrity": "sha512-IGenaSf+DnWc69lKuqlRE9/i/2t5/16VpH5bXoqdxWz1aCpRvEdrBuu1y95i/iL5QP8ZYVATiwLFhwk3EDl5vg==",
+      "license": "MIT",
+      "dependencies": {
+        "lodash": "^4.17.21",
+        "validator": "~13.15.23"
+      },
+      "engines": {
+        "node": ">= 8.0.0"
+      }
+    },
     "node_modules/finalhandler": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-2.1.0.tgz",
@@ -418,6 +449,15 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/helmet": {
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/helmet/-/helmet-8.1.0.tgz",
+      "integrity": "sha512-jOiHyAZsmnr8LqoPGmCjYAaiuWwjAPLgY8ZX2XrmHawt99/u1y6RgrZMTeoPfpUbV96HOalYgz1qzkRbw54Pmg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
     "node_modules/http-errors": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz",
@@ -476,6 +516,12 @@
       "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==",
       "license": "MIT"
     },
+    "node_modules/lodash": {
+      "version": "4.17.23",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+      "license": "MIT"
+    },
     "node_modules/math-intrinsics": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
@@ -869,6 +915,15 @@
         "node": ">= 0.8"
       }
     },
+    "node_modules/validator": {
+      "version": "13.15.26",
+      "resolved": "https://registry.npmjs.org/validator/-/validator-13.15.26.tgz",
+      "integrity": "sha512-spH26xU080ydGggxRyR1Yhcbgx+j3y5jbNXk/8L+iRvdIEQ4uTRH2Sgf2dokud6Q4oAtsbNvJ1Ft+9xmm6IZcA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
     "node_modules/vary": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
diff --git a/profile.html b/profile.html
index 7d6a132..ba88c1a 100644
--- a/profile.html
+++ b/profile.html
@@ -129,16 +129,18 @@ <h3>Edit Your Profile</h3>
             <label for="bio">Your Bio</label>
             <div class="input-wrapper">
               <i data-lucide="align-left"></i>
-              <textarea id="bio" name="bio" rows="3" placeholder="Tell us about yourself..."></textarea>
+              <textarea id="bio" name="bio" rows="3" placeholder="Tell us about yourself..." maxlength="500" aria-describedby="bioHelp"></textarea>
             </div>
+            <small id="bioHelp" class="form-text">Maximum 500 characters</small>
           </div>
           <!-- Phone -->
           <div class="form-group">
             <label for="phone">Phone Number</label>
             <div class="input-wrapper">
               <i data-lucide="phone"></i>
-              <input type="tel" id="phone" name="phone" placeholder="+1 (555) 123-4567">
+              <input type="tel" id="phone" name="phone" placeholder="+1 (555) 123-4567" pattern="[+]?[0-9\s()-]{7,}" aria-describedby="phoneHelp">
             </div>
+            <small id="phoneHelp" class="form-text">Enter a valid phone number with country code (e.g., +1-555-123-4567)</small>
           </div>
           <button type="submit" class="premium-btn">
             <i data-lucide="save"></i>
@@ -181,6 +183,7 @@ <h3>Are you sure you want to log out?</h3>
   </main>
 
   <!-- Profile JS -->
+  <script src="./scripts/env.js"></script>
   <script type="module" src="scripts/profile.js"></script>
 </body>
 </html>
diff --git a/proposals.html b/proposals.html
index dfb2b12..4b950fc 100644
--- a/proposals.html
+++ b/proposals.html
@@ -330,6 +330,7 @@ <h4>Get in Touch</h4>
         </div>
     </footer>
 
+    <script src="./scripts/env.js"></script>
     <script type="module" src="./scripts/proposals.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/register.html b/register.html
index 69d2813..dd78c56 100644
--- a/register.html
+++ b/register.html
@@ -414,6 +414,7 @@ <h1 class="auth-title">Join Venturalink</h1>
                 </svg>
               </div>
               <input
+                id="reg-password"
                 type="password"
                 name="password"
                 required
@@ -421,6 +422,20 @@ <h1 class="auth-title">Join Venturalink</h1>
                 class="field-input"
                 minlength="8"
               />
+              <button type="button" id="reg-password-toggle" class="password-toggle" aria-label="Show password" data-visible="false">
+                <!-- Eye (visible state) -->
+                <svg class="icon-eye" viewBox="0 0 24 24" fill="none" stroke="currentColor">
+                  <path d="M1 12s4-7 11-7 11 7 11 7-4 7-11 7S1 12 1 12Z" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+                  <circle cx="12" cy="12" r="3" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+                </svg>
+                <!-- Eye off (hidden state) -->
+                <svg class="icon-eye-off" viewBox="0 0 24 24" fill="none" stroke="currentColor">
+                  <path d="M17.94 17.94A10.94 10.94 0 0 1 12 19c-7 0-11-7-11-7a21.8 21.8 0 0 1 5.06-5.94" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+                  <path d="M9.9 4.24A10.94 10.94 0 0 1 12 5c7 0 11 7 11 7a21.8 21.8 0 0 1-2.16 3.19" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+                  <path d="M14.12 14.12a3 3 0 0 1-4.24-4.24" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+                  <path d="M1 1l22 22" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+                </svg>
+              </button>
             </div>
 
             <ul id="password-checklist" class="password-checklist">
diff --git a/scripts/create-proposal.js b/scripts/create-proposal.js
index e8afb31..5f6c466 100644
--- a/scripts/create-proposal.js
+++ b/scripts/create-proposal.js
@@ -530,11 +530,73 @@ async function handleLogout() {
     }
 }
 
+// Currency validation function for handling formatted amounts (₹3,00,000, etc.)
+function setupCurrencyValidation() {
+    const amountField = document.getElementById('amount');
+    
+    if (!amountField) return;
+    
+    // Real-time validation and formatting
+    amountField.addEventListener('input', function(e) {
+        let value = e.target.value;
+        
+        // Remove all non-numeric characters except comma and dot
+        let numericValue = value.replace(/[^\d,.]/g, '');
+        
+        // Update the field with cleaned value
+        e.target.value = numericValue;
+        
+        // Validate: ensure it's a valid number
+        if (numericValue && isNaN(numericValue.replace(/,/g, ''))) {
+            e.target.style.borderColor = '#ff6b6b';
+        } else {
+            e.target.style.borderColor = '';
+        }
+    });
+    
+    // Validation on blur and form submission
+    const validateAmount = () => {
+        const value = amountField.value.trim();
+        
+        if (!value) return true; // Allow empty if not required by section
+        
+        // Remove commas and convert to number
+        const numericValue = parseFloat(value.replace(/,/g, ''));
+        
+        if (isNaN(numericValue) || numericValue < 1000) {
+            amountField.style.borderColor = '#ff6b6b';
+            amountField.style.boxShadow = '0 0 0 3px rgba(255, 107, 107, 0.2)';
+            showAlert('Please enter a valid amount (minimum ₹1000)', 'error');
+            return false;
+        }
+        
+        amountField.style.borderColor = '';
+        amountField.style.boxShadow = '';
+        return true;
+    };
+    
+    amountField.addEventListener('blur', validateAmount);
+    
+    // Override form submission to validate amount
+    const originalValidate = validateCurrentSection;
+    window.validateCurrentSection = function() {
+        const result = originalValidate.call(this);
+        
+        // Check if we're on section 3 (Investment section)
+        if (currentSection === 3) {
+            return result && validateAmount();
+        }
+        
+        return result;
+    };
+}
+
 // Initialize form when DOM is loaded
 document.addEventListener('DOMContentLoaded', () => {
     setupEventListeners();
     setupFormInteractions();
     setupCharacterCounters();
+    setupCurrencyValidation();
     updateFormNavigation();
     
     // Load draft if available
@@ -595,4 +657,46 @@ auth.onAuthStateChanged(async (user) => {
         updateDebugInfo('Error', 'Error checking type');
         showAlert('Error checking user permissions. Please refresh the page.', 'error');
     }
-});
\ No newline at end of file
+});
+
+// ===========================
+// Select Dropdown Keyboard Navigation Enhancement
+// ===========================
+document.addEventListener('DOMContentLoaded', () => {
+    const customSelects = document.querySelectorAll('.custom-select select');
+    
+    customSelects.forEach(select => {
+        // Improve keyboard navigation for accessibility
+        select.addEventListener('keydown', (e) => {
+            if (e.key === 'ArrowDown' || e.key === 'ArrowUp') {
+                e.preventDefault();
+                const options = Array.from(select.options);
+                const currentIndex = select.selectedIndex;
+                
+                if (e.key === 'ArrowDown' && currentIndex < options.length - 1) {
+                    select.selectedIndex = currentIndex + 1;
+                } else if (e.key === 'ArrowUp' && currentIndex > 0) {
+                    select.selectedIndex = currentIndex - 1;
+                }
+                
+                // Trigger change event
+                select.dispatchEvent(new Event('change', { bubbles: true }));
+            }
+        });
+        
+        // Add visual feedback on focus
+        select.addEventListener('focus', () => {
+            const parent = select.closest('.custom-select');
+            if (parent) {
+                parent.style.borderColor = 'var(--text-accent)';
+            }
+        });
+        
+        select.addEventListener('blur', () => {
+            const parent = select.closest('.custom-select');
+            if (parent) {
+                parent.style.borderColor = '';
+            }
+        });
+    });
+});
diff --git a/scripts/env.js b/scripts/env.js
new file mode 100644
index 0000000..bd3a44e
--- /dev/null
+++ b/scripts/env.js
@@ -0,0 +1,24 @@
+// scripts/env.js
+// Load environment variables from server and expose them to window object
+// This allows browser-side code to access server environment variables
+
+(async function loadEnv() {
+  try {
+    // Fetch Firebase configuration from server API
+    const response = await fetch('/api/config');
+    
+    if (!response.ok) {
+      throw new Error(`Failed to load config: ${response.status} ${response.statusText}`);
+    }
+    
+    const config = await response.json();
+    
+    // Expose Firebase config to window object
+    window.firebaseConfig = config.firebaseConfig;
+    
+    console.log('✅ Environment configuration loaded successfully');
+  } catch (error) {
+    console.error('❌ Failed to load environment configuration:', error.message);
+    console.warn('⚠️ Firebase may not initialize correctly without proper configuration');
+  }
+})();
diff --git a/scripts/firebase-config.js b/scripts/firebase-config.js
index e42b49a..e96be07 100644
--- a/scripts/firebase-config.js
+++ b/scripts/firebase-config.js
@@ -3,16 +3,24 @@ import { initializeApp } from "https://www.gstatic.com/firebasejs/9.22.2/firebas
 import { getAuth } from "https://www.gstatic.com/firebasejs/9.22.2/firebase-auth.js";
 import { getFirestore } from "https://www.gstatic.com/firebasejs/9.22.2/firebase-firestore.js";
 
-const firebaseConfig = {
-    apiKey: "AIzaSyA37bruIT_neT5w-8CUuPGofy0Lnv2UJOg",
-    authDomain: "project-1-747ec.firebaseapp.com",
-    projectId: "project-1-747ec",
-    storageBucket: "project-1-747ec.firebasestorage.app",
-    messagingSenderId: "122686135785",
-    appId: "1:122686135785:web:7e159363045f52208cbf78",
-    measurementId: "G-1GT8XMMFM3"
+// Get Firebase configuration from window object (loaded by env.js)
+// env.js fetches this from /api/config endpoint
+const firebaseConfig = window.firebaseConfig || {
+    apiKey: undefined,
+    authDomain: undefined,
+    projectId: undefined,
+    storageBucket: undefined,
+    messagingSenderId: undefined,
+    appId: undefined,
+    measurementId: undefined
 };
 
+// Check if configuration is available
+if (!firebaseConfig.apiKey) {
+    console.error('❌ Firebase configuration not available. Make sure env.js is loaded before this script.');
+    console.warn('⚠️ Firebase initialization will fail without proper configuration.');
+}
+
 // Initialize Firebase
 const app = initializeApp(firebaseConfig);
 
diff --git a/scripts/firebase.js b/scripts/firebase.js
index 76bffc1..cbd4919 100644
--- a/scripts/firebase.js
+++ b/scripts/firebase.js
@@ -1,14 +1,5 @@
-// 1. Import the configuration object from our new untracked file
-import { firebaseConfig } from './firebase-config.js';
+// Re-export Firebase services from firebase-config.js
+// This prevents duplicate initialization and maintains backward compatibility
+import { auth, db, app } from './firebase-config.js';
 
-// 2. Import the necessary functions from the SDKs
-import { initializeApp } from "https://www.gstatic.com/firebasejs/9.22.2/firebase-app.js";
-import { getAuth } from "https://www.gstatic.com/firebasejs/9.22.2/firebase-auth.js";
-import { getFirestore } from "https://www.gstatic.com/firebasejs/9.22.2/firebase-firestore.js";
-
-// 3. Initialize Firebase with the imported config
-const app = initializeApp(firebaseConfig);
-
-// 4. Export auth and db for rest of the app to use
-export const auth = getAuth(app);
-export const db = getFirestore(app);
\ No newline at end of file
+export { auth, db, app };
\ No newline at end of file
diff --git a/scripts/register.js b/scripts/register.js
index 4b588c8..6e1b08f 100644
--- a/scripts/register.js
+++ b/scripts/register.js
@@ -64,6 +64,7 @@ if (registerForm) {
 document.addEventListener('DOMContentLoaded', () => {
   const passwordField = registerForm?.querySelector('input[name="password"]');
   const emailField = registerForm?.querySelector('input[name="email"]');
+  const passwordToggleBtn = document.getElementById('reg-password-toggle');
 
   checklist = {
     minLength: document.getElementById('rule-minLength'),
@@ -87,6 +88,26 @@ document.addEventListener('DOMContentLoaded', () => {
     });
   }
 
+  // Password visibility toggle functionality
+  if (passwordToggleBtn && passwordField) {
+    passwordToggleBtn.addEventListener('click', (e) => {
+      e.preventDefault();
+      e.stopPropagation();
+      
+      const isVisible = passwordToggleBtn.getAttribute('data-visible') === 'true';
+      
+      if (isVisible) {
+        // Hide password
+        passwordField.type = 'password';
+        passwordToggleBtn.setAttribute('data-visible', 'false');
+      } else {
+        // Show password
+        passwordField.type = 'text';
+        passwordToggleBtn.setAttribute('data-visible', 'true');
+      }
+    });
+  }
+
 
 // --- START: Progress Bar Logic ---
 if (document.getElementById('progress-bar-fill')) {
diff --git a/server.js b/server.js
index 645dfb9..83ec3ae 100644
--- a/server.js
+++ b/server.js
@@ -27,7 +27,8 @@ app.use(helmet({
         "https://firestore.googleapis.com", 
         "https://identitytoolkit.googleapis.com",
         "https://securetoken.googleapis.com",
-        "https://www.googleapis.com"
+        "https://www.googleapis.com",
+        "https://www.gstatic.com"
       ],
       frameSrc: ["'none'"],
       objectSrc: ["'none'"],
@@ -135,6 +136,45 @@ app.get("/api/chat/health", apiLimiter, (req, res) => {
   });
 });
 
+// Config endpoint - serves Firebase configuration to client
+app.get("/api/config", apiLimiter, (req, res) => {
+  try {
+    const firebaseConfig = {
+      apiKey: process.env.VITE_FIREBASE_API_KEY,
+      authDomain: process.env.VITE_FIREBASE_AUTH_DOMAIN,
+      projectId: process.env.VITE_FIREBASE_PROJECT_ID,
+      storageBucket: process.env.VITE_FIREBASE_STORAGE_BUCKET,
+      messagingSenderId: process.env.VITE_FIREBASE_MESSAGING_SENDER_ID,
+      appId: process.env.VITE_FIREBASE_APP_ID,
+      measurementId: process.env.VITE_FIREBASE_MEASUREMENT_ID
+    };
+
+    // Validate that all required Firebase keys are present
+    const requiredKeys = ['apiKey', 'authDomain', 'projectId', 'appId'];
+    const missingKeys = requiredKeys.filter(key => !firebaseConfig[key]);
+
+    if (missingKeys.length > 0) {
+      console.warn(`⚠️ Firebase Configuration Warning: Missing keys: ${missingKeys.join(', ')}`);
+      return res.status(400).json({
+        error: 'Incomplete Firebase configuration',
+        missingKeys: missingKeys,
+        message: 'Please check your .env file and ensure all required Firebase variables are set'
+      });
+    }
+
+    res.json({ 
+      firebaseConfig: firebaseConfig,
+      message: 'Firebase configuration loaded successfully'
+    });
+  } catch (error) {
+    console.error('❌ Error serving Firebase configuration:', error.message);
+    res.status(500).json({ 
+      error: 'Failed to load configuration',
+      message: error.message 
+    });
+  }
+});
+
 // Chatbot endpoint with validation and rate limiting
 app.post(
   "/api/chat",
diff --git a/styles/profile.css b/styles/profile.css
index 4e36066..2d4301d 100644
--- a/styles/profile.css
+++ b/styles/profile.css
@@ -144,6 +144,7 @@ body {
 /* --- Edit Profile Form --- */
 .premium-form { display: flex; flex-direction: column; gap: var(--space-lg); }
 .premium-form .form-group { display: flex; flex-direction: column; gap: var(--space-sm); }
+.form-text { font-size: 0.85rem; color: var(--text-secondary); margin-top: 0.3rem; display: block; }
 .premium-form label { font-weight: 500; color: var(--text-secondary); }
 .input-wrapper { position: relative; display: flex; align-items: center; }
 .input-wrapper i { position: absolute; left: var(--space-md); color: var(--text-tertiary); z-index: 1; pointer-events: none; }
diff --git a/styles/proposal.css b/styles/proposal.css
index 160047e..248836f 100644
--- a/styles/proposal.css
+++ b/styles/proposal.css
@@ -712,6 +712,22 @@ body {
     }
 }
 
+/* Field Help Text */
+.field-help {
+    font-size: 0.85rem;
+    color: var(--text-secondary);
+    margin-top: 0.3rem;
+    display: block;
+    transition: var(--transition-fast);
+}
+
+.floating-label input:focus ~ .field-help,
+.floating-label input:not(:placeholder-shown) ~ .field-help,
+.floating-label textarea:focus ~ .field-help,
+.floating-label textarea:not(:placeholder-shown) ~ .field-help {
+    color: var(--text-accent);
+}
+
 /* Currency and Percentage Inputs */
 .currency-input .currency-symbol,
 .percentage-input .percentage-symbol {
@@ -891,6 +907,34 @@ body {
     box-shadow: 0 0 20px rgba(67, 233, 123, 0.4);
 }
 
+/* Loading States */
+.btn-loading {
+    opacity: 0.7;
+    cursor: not-allowed;
+    pointer-events: none;
+}
+
+.btn-loading::after {
+    content: '';
+    display: inline-block;
+    width: 1rem;
+    height: 1rem;
+    margin-left: 0.5rem;
+    border: 2px solid rgba(255, 255, 255, 0.3);
+    border-top-color: #fff;
+    border-radius: 50%;
+    animation: spin 0.8s linear infinite;
+}
+
+@keyframes spin {
+    to { transform: rotate(360deg); }
+}
+
+.submit-btn:disabled {
+    opacity: 0.6;
+    cursor: not-allowed;
+}
+
 .section-indicator {
     display: flex;
     align-items: center;