This is somewhat old news (the original blog post was written in November 2006), but it is a really good collection of simple things we can all keep in mind to avoid gaping security holes as we develop new web applications. Included are reminders about the risks of browsable directories, variables passed around in plain text, and publicly reachable web statistics from tools such as Webalizer (which has had its own noted security vulnerabilities).
A few things I would add to the list are warnings about cross-site scripting (XSS) vulnerabilities caused by echoing request variables back into a page without escaping them (explanation here), SQL injection through form input, and predictable locations for important files (system, admin, or install files). All of these items open doors for malicious outsiders to learn how your system is set up and find ways to exploit it.
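To make the XSS and SQL injection points concrete, here is an added example (my own code, not from the post being discussed or from Webalizer) showing the careless version of a login query and a greeting page next to the hardened version of each. The users table, the sample accounts, and the function names are assumptions made up for the illustration; the attack inputs are constructed.

```python
import html
import sqlite3


def make_db():
    """Build an in-memory users table with constructed sample rows (assumption: illustrative schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],  # constructed sample data
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """SQL injection: form fields are pasted straight into the query text.

    A username of  alice' --  turns the WHERE clause into
        username = 'alice' --' AND password = '...'
    so the password check is commented out and the login succeeds.
    """
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Hardened: a parameterized query lets the driver bind the values.

    Quotes and comment markers in the input stay data; they never become SQL.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def render_greeting_vulnerable(name):
    """XSS: a request variable is echoed into HTML unescaped, so a name of
    <script>alert(1)</script> runs in every visitor's browser."""
    return "<p>Hello, %s!</p>" % name


def render_greeting_safe(name):
    """Hardened: escape <, >, &, and quotes before the value touches the page."""
    return "<p>Hello, %s!</p>" % html.escape(name, quote=True)


if __name__ == "__main__":
    db = make_db()
    payload = "alice' --"
    print("vulnerable login with injected username:", login_vulnerable(db, payload, "wrong"))
    print("safe login with injected username:      ", login_safe(db, payload, "wrong"))
    tag = "<script>alert(1)</script>"
    print(render_greeting_vulnerable(tag))
    print(render_greeting_safe(tag))
```

Running it shows the vulnerable login returning `alice` for a wrong password while the parameterized one returns `None`, and the escaped greeting rendering the script tag as literal text. The same two rules carry over to any language: bind query parameters instead of concatenating strings, and escape (or, better, let a templating engine auto-escape) every value that came from a request before it reaches HTML.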
You may think you are safe from hackers, spam, or any other sort of malicious activity, but this stuff happens all the time to all sorts of websites. All it takes is a small hole and a script kiddie with too much time on his or her hands to turn your hard work into a nightmare.