Old 02-28-2009, 09:07 PM   #4 (permalink)
Skie
Manager, Alternative Comp
 
 
Join Date: Mar 2003
Location: Chicago burbs
Posts: 2,194
OS: Gentoo Linux, CentOS, OS X

Re: Thoughts on securing apache

The .htaccess file can do a number of things (redirecting users to a different page/website, blocking users from seeing a page, handling HTTP Authentication, etc). I haven't learned everything there is to know about them, as there are a lot of features that you can use and sometimes they can get quite complex. I've only used the features that I specifically needed. If you take a look at this .htaccess generator, you'll see what I'm talking about. http://cooletips.de/htaccess/ Mod Rewrite is probably the most commonly used feature.

For transmitting personal information, you'll definitely want SSL. You'll need to purchase an SSL certificate and you'll need a dedicated IP address (if any other websites share the same IP and you try to use https on them, you'll get the main site that's set up for SSL instead).

If you're using Apache 2.x, I can give you my ModSecurity config which should work for you without any issues. Unfortunately, if you're using Apache 1.x, then my config won't work as the syntax for ModSecurity changed between Apache versions.

The biggest security risk is the scripts/software that you're using. Every time one of my customers has had their website hacked, it was because they failed to properly update their PHP or Perl scripts. However, you'll also want to make sure that you keep Apache, Perl and PHP itself updated. And I shouldn't have to say it, but keep the kernel and the rest of the software on that system up to date as well. If you're not using the server for anything other than as a web server, disable any other software. Better yet, uninstall it. The more you have installed/running, the bigger the security risk. If you never use/login using a GUI, then remove Gnome/KDE/X. There's no reason to ever keep it.