You can find the full source code for this website in the Seam package in the directory /examples/wiki. It is licensed under the LGPL.
No. Seam serializes access to session-scoped components, so you can be sure that only one request will be accessing that component at any given time. Seam also serializes access to the entire conversation, so any conversation-scoped component is guaranteed to be accessed by only one request at a time.
It's also important to note that concurrency has always been guaranteed in EJB stateless session beans (SLSB). The client thread selects an instance from a pool of objects (there is no guarantee that subsequent requests will access the same instance).
Singleton beans, introduced in the EJB 3.1 specification, enforce a single-threaded model on a single instance shared across the application (or cluster). That's in a contrast with Spring singletons, which are not thread-safe by default.