David,
One thing you can do is to make sure that nothing is transmitted without being encrypted, this can be done using SSL ( Secured Socket Layering ). You want that data to be scrambled until it reaches it's destination where it will then be re compiled or decrypted. It is never a good idea to have any area of a site not secured by an SSL and likewise you want all transmissions to be secure too.