I'm considering Moneybookers for adding as a payment solution to my sites.
On payment, their gateway may POST the details to any URL.
I need a script to add/remove/recur passwords depending on the info from the gateway. I have a rough idea of how it may be coded, but I'm a newbie and this needs a professional touch (because of security reasons).

If no one can recommend me something... I'll write it on my own, but will need directions and samples of scripts doing something similar.

So, recommendations about a ready solution, or similar scripts, or any script for working with the passwd file, will be highly appreciated.
Thanks!

    One tip: keep the URL that they post to off-site. Have it running under a different domain and with a different user name for access. This script would know about the main site and its password system, and have authority to edit the password list; but the main site would NOT know about the password management site, and would not have authority to edit its own password list. That way, if anyone hacks your site they don't automatically get to input their own password or read and spam your password list to the world. Nor can they find out where access is granted, since the location is not in any of your code.

      As to how you will enforce security, always start with .htaccess. At the very least, you are going to need to create public and private zones on your site. Use this link for a good tutorial on .htaccess: http://wsabstract.com/howto/htaccess.shtml.

      Work out a full security model for the whole site. Remember, there is a war going on out there. Any payment gateway is an open invitation for attack. Both our own and our merchant acquirer's site have been subjected to repeated attacks this year. I don't know what you're selling, but if it involves money then you can't have too much security: go for overkill.

      Use these links to help you in your planning if you are using PHP: http://www.sitepoint.com/print/write-secure-scripts-php-4-2, http://www.sitepoint.com/print/users-php-sessions-mysql. And read the attached article for a broad picture of the threats and how to manage them.
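The reply above describes an off-site notification script that is the only thing allowed to edit the password list. The following is an added example (not code from the thread or from Moneybookers) of the core of such a script: it authenticates the gateway's POST with a shared-secret HMAC (a hypothetical scheme standing in for whatever the gateway actually provides), rejects replayed transaction ids, and adds or removes an Apache htpasswd entry. The `action`, `user`, `password` and `txn` form fields, the secret, and the sample lines are all constructed for the example.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs

# Constructed shared secret; in practice it lives only on the password-management host.
SHARED_SECRET = b"example-shared-secret-not-for-production"

def sign(raw_body: bytes) -> str:
    """HMAC-SHA256 over the raw POST body (hypothetical scheme, not Moneybookers' own)."""
    return hmac.new(SHARED_SECRET, raw_body, hashlib.sha256).hexdigest()

def verify(raw_body: bytes, signature_hex: str) -> bool:
    """Constant-time comparison so the check does not leak how many bytes matched."""
    return hmac.compare_digest(sign(raw_body), signature_hex)

def htpasswd_entry(user: str, password: str) -> str:
    """Apache htpasswd '{SHA}' line: base64(SHA-1(password)). Apache's bcrypt or apr1
    formats are stronger; {SHA} is used here only because it needs no extra library."""
    digest = base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()
    return f"{user}:{{SHA}}{digest}"

def apply_event(lines, event):
    """Return new htpasswd lines with the user added (grant) or dropped (revoke)."""
    user = event["user"]
    if not user.isalnum():  # never let a POSTed name inject ':' or newlines into the file
        raise ValueError("bad username")
    kept = [line for line in lines if line.split(":", 1)[0] != user]
    if event["action"] == "grant":      # new purchase or a recurring renewal
        kept.append(htpasswd_entry(user, event["password"]))
    elif event["action"] != "revoke":   # unknown action: refuse rather than guess
        raise ValueError("bad action")
    return kept

def handle(lines, raw_body: bytes, signature_hex: str, seen_txn: set):
    """Entry point for the off-site notification script. Returns (new_lines, accepted)."""
    if not verify(raw_body, signature_hex):
        return lines, False
    fields = {k: v[0] for k, v in parse_qs(raw_body.decode()).items()}
    txn = fields.get("txn", "")
    if not txn or txn in seen_txn:      # replay of an already-processed notification
        return lines, False
    seen_txn.add(txn)
    return apply_event(lines, fields), True
```

The caller writes the returned lines back to the htpasswd file atomically (write a temp file, then rename) and persists `seen_txn` so replays are still refused after a restart.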

        I was thinking of using .htaccess and making the password-adding script accessible only by Moneybookers?

        P.S. Thanks a lot for the useful links, I'll start reading them ASAP.
