The most important thing anyone could do to secure a web application is called input validation. The number one rule with security is to never trust user input. You don't know if someone is a regular user or an attacker, so it's safer to assume everyone is an attacker. This way, you don't make assumptions about data being safe to handle.
In the case of Real 1, input validation should check that any submitted number is a whole number between 1 and 5. This will rule out negative numbers, large numbers, and letters. Additionally, they could implement an IP-based throttling mechanism so you can't vote over and over from the same IP. They could implement a CAPTCHA to prevent botnets from submitting large amounts of votes. These are just three suggestions, and I know there are more. I'm not a developer by any means, but these should be pretty common knowledge to anyone in the security field.