Yahoo Developer network has just released a page on security best practices. It's just one page right now, but there are links to other resources and it covers the important basics: http://developer.yahoo.com/security/ (Also posted on UPHPU.org.)