While reading up on PHP security, I came across several links that I thought I would pass on:
Security Focus article on securing PHP installations:
<http://www.securityfocus.com/infocus/1706>
Article on PHP attack vectors and defenses:
<http://www.securereality.com.au/studyinscarlet.txt>
Bugtraq discussion on PHP security:
<http://www.securityfocus.com/archive/1/438417/30/0/threaded>