I certainly agree with the advice given thus far, but—it's important to keep things in perspective when dealing with security. The mantra I usually chant is somthing like “There Is No Magic”¹,which is to say that there should be a limit to the amount of paranoia in these things. After all, in order for a cracker to break security, it still comes down to executing foriegn code in your process space. And the only way for that to happen is for someone to let them (un-intentionly or not)! Sort of like vampires, they need the invitation before they can enter. I suppose that what I am saying is “Be careful, Be diligent, Be rational—but don't be more than that!”

hsm
¹With apoligies to any elves out there...