the biggest concern you should have about php and security is turning register globals off. not doing so can allow users to override variables in your script. that's bad. look here:
http://www.zend.com/manual/security.registerglobals.php
if you want your connection to be secure you'll need ssl on that there apache install. very short how-to here:
http://www.freebsddiary.org/apache13-modssl.php#integration
other than that the biggest step you can take is making sure your server is secure itself. you don't say what os you're using, but if you have to start fresh i would strongly recommend openbsd found here:
http://openbsd.org
it's pretty darn secure and besides, you should support the only canadian os anyway!
once you're done with your os install, it's always a good idea to test it with nessus, found here:
http://www.nessus.org/
if you need to do a comparison between iis and apache or php and asp/jsp or similar, my favourite benchmark is to run:
php exploit
through google and compare the results to asp exploit. read the first two pages of results and take some notes. not very scientific but it gets some specifics fast.
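
The register globals point at the top of this post, as an added example that is not part of the original post: an uninitialised variable in an access check, beside the hardened form. The function names and the sample request are constructed, and `extract()` is used here as a stand-in for `register_globals = On` so the script runs on current PHP, where the directive no longer exists.

```php
<?php
// Added illustration. Function names and the sample request are constructed.

// Emulates register_globals = On: request parameters become ordinary
// variables before the script's own logic runs. EXTR_SKIP keeps variables
// that already exist, matching the fact that script assignments win.
function check_access_register_globals(array $request, bool $loginOk): bool
{
    extract($request, EXTR_SKIP);   // stand-in for register_globals = On
    if ($loginOk) {
        $authorized = true;
    }
    // BUG: $authorized is never initialised, so when the login check fails
    // a request parameter of the same name decides the result.
    return !empty($authorized);
}

// Hardened form: every variable gets an explicit default, and nothing
// from the request is turned into a variable implicitly.
function check_access_hardened(array $request, bool $loginOk): bool
{
    $authorized = false;            // cannot be pre-seeded by the client
    if ($loginOk) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed request: page.php?authorized=1 from a user whose login failed.
$request = ['authorized' => '1'];

echo "register_globals-style check grants access: ";
var_dump(check_access_register_globals($request, false));
echo "hardened check grants access: ";
var_dump(check_access_hardened($request, false));

// Deployment check: ini_get() returns false when a directive does not
// exist, which is the case from PHP 5.4 on (register_globals was removed).
$rg = ini_get('register_globals');
if ($rg === false) {
    echo "register_globals: not present in this PHP build\n";
} elseif (in_array(strtolower((string) $rg), ['1', 'on', 'yes', 'true'], true)) {
    echo "register_globals: ON, set register_globals = Off in php.ini\n";
} else {
    echo "register_globals: off\n";
}
```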