"No outside source has access to your server at all. Only server users can do things on the server. Any potential security concern would be if, for example, you have a script that handles uploads and doesn't do a good job of making sure those uploaded files are safe."
For a while now, I have been trying to get a better understanding of (Apache) webservers, file-permission, owners, groups and users. I checked with some experienced PHP-programmers (which I am not) and even they had to fess up that they did not really know.
For example, I am unclear how much of this security is hoster-specific. (I use Dreamhost myself).
What would be a good source? Or do you have a book on this, already?