Hi Ahmad,
F5 doesn't (yet?) provide a completely virtualized appliance like Cisco where you can assign CPUs, memory and networks to individual contexts. But there are many options for isolating one set of clients/apps from other sets of clients/apps on LTM. It really comes down to your security requirements and budget for which approach you take.
A major bank I work with in the UK has separate LTM pairs for each of their applications. Though for cost reasons, they're starting to investigate a shared architecture to host multiple apps through a single LTM pair. Another bank uses two pairs of LTMs with separate DMZ's between each but all apps on the same set of VLANs. Other large customers separate the apps using VLANs. Still others use routing domains to enforce network layer separation between different applications and client bases.
For a VLAN based solution, you can use a configuration described by Denny in this post:
htp://devcentral.f5.com/Default.aspx?tabid=53&forumid=31&tpage=1&view=topic&postid=2097922930
I recently set this up with routing domains for a customer who wanted to segregate their public to DMZ server traffic from internal users to internal servers. The advantage to route domains is that you can use overlapping subnets for each client. It also provides an additional layer of protection against misconfiguration of LTM allowing traffic to mix between the two sets of VLANs. I don't think the additional complexity in configuration is worth it though, if you don't need to support overlapping subnets.
There have been remotely exploitable vulnerabilities in LTM and other modules. But they aren't found frequently, and F5 provides quick fixes when issues have been discovered. If it's a very critical set of apps that justify the cost of separate devices, then you can always pay for separate pairs. Most customers I've worked with have found this risk doesn't justify the cost though.
As far as the redundancy configuration, LTM does support active-active. But it's not an implementation I like. There is potential for you to load the units past 50% capacity and lose redundancy. It also complicates the configuration as you need to assign VIPs to specific units.
Aaron