I'll add my .05 cents (it should be .02 cents... but inflation).
I say if you can, try to keep everything modularized on your website as much as possible; it would add to your security a lot. If you can keep all your HTML on one page, by that I mean your headers and footers (HTML) [they can be separate files], and then have your content in modules (you can even keep these files in a separate folder), it would keep you organized and offer up better security. Keep your sensitive data (login requirements, database information, etc.) in a separate file (as already mentioned) in a different folder; that way you can even further protect it by giving that folder a unique name (don't use names that people use for tutorials, for why would you want to aid the script kiddies?) and you could even further protect it with a .htaccess file in the future if you so desired. I write special functions that sanitize my user input and I use this motto: "When in doubt, Sanitize It!".
And lastly, as someone has told me, if you truly, truly want it secure, use Hypertext Transfer Protocol Secure (HTTPS); however, even that can be insecure, but you have to cut the cord sometime.
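As an added example (not part of the post above), here is a small Python audit that checks the layout the post recommends: it walks a document root and reports sensitive-looking files that sit in a folder with no deny-all `.htaccess` above them. The folder names, the filename heuristic and the sample site are assumptions constructed for illustration.

```python
import os
import re
import tempfile
# Deny-all directives: Apache 2.4 syntax and the legacy 2.2 form.
DENY_RE = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$", re.I | re.M)
# Assumed naming heuristic for credential-bearing files; adjust per project.
SENSITIVE_RE = re.compile(r"config|credential|secret|db|database", re.I)

def is_denied(directory, docroot):
    """True if directory, or an ancestor up to docroot, has a deny-all .htaccess."""
    current, docroot = os.path.abspath(directory), os.path.abspath(docroot)
    while True:
        htaccess = os.path.join(current, ".htaccess")
        if os.path.isfile(htaccess):
            with open(htaccess, encoding="utf-8", errors="replace") as fh:
                if DENY_RE.search(fh.read()):
                    return True
        if current == docroot or os.path.dirname(current) == current:
            return False
        current = os.path.dirname(current)

def exposed_sensitive_files(docroot):
    """Relative paths of sensitive-looking files not covered by a deny rule."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        if is_denied(dirpath, docroot):
            continue
        for name in files:
            if name != ".htaccess" and SENSITIVE_RE.search(name):
                findings.append(os.path.relpath(os.path.join(dirpath, name), docroot))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample layout: one protected folder, one unprotected."""
    layout = {
        "modules/header.php": "<header></header>",
        "x7_private/db_settings.php": "<?php /* placeholder */",
        "x7_private/.htaccess": "Require all denied\n",
        "includes/config.php": "<?php /* placeholder */",
    }
    for rel, body in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print(exposed_sensitive_files(site))
```

A `.htaccess` rule only takes effect when the server's `AllowOverride` setting permits it, so a clean report from this check still needs to be confirmed against the live server configuration.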