The thumb rule I have is that anything which has business logic or a business rule validation definitely needs to be present in a PlugIn. This ensures that your application is safe independent of the UI which the end user is using.
So what should client side scripting be used for. I believe it should be used for any CRM UI customizations and any validations which you want to perform at the client side.
Validations should avoid the server round trips for performance reasons. So if a validation depends on some data which needs to be pulled from server then I suggest let the PlugIn take care of it. The limitation in this case is that the error box is not very pretty. If you believe that this is not acceptable from the User experience perspective then you should consider embedding some virtual fields in the entity PropertyBag in the Retrieve PlugIn. Pull those dependent fields on the form when the entity is retrieved and then do the validation on the client side.
What if the validation needs to be based on the latest values of fields in another entity? I’ve never come across such a requirement and frankly in web world nothing is really real time. You’ve the server side PlugIn which will redo the validation anyways and if there’s something wrong with the latest value it will throw an error to the user.
So to summarize
1) Any business logic should always be written in the plug in
2) Any validation should always be written in a plug in
4) Avoid the validations which need a server round trip. Do them only if someone puts a gun on your head J