This is a multi-user environment, not multi-homed. To answer these questions you have to describe who has access to the server the JBoss server will run on.
> 1.) how do I prevent c1 from 'overdeploying' c2.ear
> with his own maliciously made c2.ear
With the Tomcat war's you can do this by setting up the apps-.xml to point to a place where only the owner of that application has write access. But for the deployed beans (and for the combined stuff ear) I don't know - you can of course write some custom mechanism to handle this: for example application deployers deposit their stuff in some common directory, you have some cron job who looks in this directory, checks the user/ear name mapping (they must have been previously registered) and if its ok copies them into the actual deployment area.
> 3.) how can I easily prevent c1 from using code
> (JSP,servlet classes or EJB-components that c2 has
Well c1 could make calls say to EJBs that c2 has deployed but that's the point of deploying components, other applications must be able to call them, right ? If they live in a security context calls will only be possible with valid credentials, so I'm not sure there is a security concern here.