Use SSL to prevent network sniffing Use %mcrypt% If you store keys, mind the security on the key storage Don't store plaintext passwords Watch out for misconfigured shared hosting environments