There will always be malicious hackers out there. I had a friend that had his website taken down for two days and it really hurt his business. My biggest worry is cross-site scripting. You never really want any sort of compromise of user personal information. How is this best prevented?