My column from the Mar 2004 issue of php|architect is now available for free: Security Corner: Shared Hosting
This article explains, among other things, that safe_mode is no substitute for a secure server, and no shared host is ever going to be as secure as a dedicated one. However, if you're stuck on a shared host, I give some advice for making the most of your stay.
The article is a pretty comprehensive study of some of the more worrisome items for PHP developers today (like worrying about database credentials, filesystem security, browsing with PHP, etc.). He tops it off with a "What can we do?" section giving a few suggestions that even some of the PHP gurus out there forget from time to time - such as keeping sensitive data in a database, storing database credentials in the Apache config, etc.




