When traffic is coming into the relay routers from the v6 side, the
relay router is the encapsulator, and has nothing to worry about
(assuming that proper ingress filtering was done elsewhere in the v6
net, etcetera, but that's an understood problem, nothing new there).
In this case it's the receiving 6to4 site router that's the
decapsulator and has the worries, but, as I've mentioned in other
postings, I think the problems for the 6to4 site router are much less
severe because such a router can make reasonably sane decisions based
on physical network topology (eg: "if it came in via an external
interface, it does not go out again on an external interface,
period").