You'd have to post your code for specific commentary, but here are some general ideas about security.
The main leaks are in forms because anyone can type anything into a form. If you are really paranoid then you should match each value of a form with a regex of expected values. Check for HTML, special characters, etc. Anything that could allow someone to introduce commands into the code.
The other major leak is using GET instead of POST. Never submit sensitive information with the GET method. And as above, do some pattern matching on your GET variables to make sure they're safe.
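
An added example, not part of the original post: a per-field allowlist check of the kind described above, which also refuses sensitive fields that arrive by GET. The field names, patterns and sample submissions are hypothetical and constructed for illustration.

```python
import re

# Hypothetical form schema: field name -> pattern of expected values (allowlist).
SCHEMA = {
    "username": re.compile(r"[A-Za-z0-9_]{3,20}"),
    "age": re.compile(r"[0-9]{1,3}"),
    "password": re.compile(r"[\x20-\x7e]{12,128}"),
}
# Fields that must never travel in a URL query string.
SENSITIVE = {"password"}


def validate(method, fields):
    """Return (clean, errors) for a submitted form.

    method: "GET" or "POST"; fields: dict of field name -> raw value.
    """
    clean, errors = {}, {}
    for name, value in fields.items():
        pattern = SCHEMA.get(name)
        if pattern is None:
            errors[name] = "unexpected field"
        elif method.upper() != "POST" and name in SENSITIVE:
            errors[name] = "sensitive field must be sent with POST"
        elif not isinstance(value, str) or not pattern.fullmatch(value):
            # fullmatch: the whole value must match. "^...$" with re.match
            # would still accept a value that ends in a newline.
            errors[name] = "value does not match expected pattern"
        else:
            clean[name] = value
    for name in SCHEMA.keys() - fields.keys():
        errors[name] = "missing field"
    return clean, errors


# Constructed sample submissions.
GOOD = {"username": "alice_01", "age": "34", "password": "correct horse battery"}
BAD = {"username": "<b>bob</b>", "age": "34\n", "password": "x", "role": "admin"}

if __name__ == "__main__":
    for method, form in (("POST", GOOD), ("POST", BAD), ("GET", GOOD)):
        print(method, validate(method, form))
```

Only the values returned in `clean` should be passed on to the rest of the application; anything in `errors` is rejected rather than repaired.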