When creating websites that only contain static HTML there are not a whole lot of security issues to be concerned about. But, once you start creating websites with dynamic content security becomes more important. Content Management Systems are complex beasts. Often the core components are very secure out of the box, needing little extra configuration to lock things down. It is more than likely you will be installing third-party modules to use with your CMS. That is when you should be more cautious and read the guidelines provided by the CMS you use.
I've compiled a list of security-related resources for each of the platforms on ThemeBot. If you haven't done so already, it would be a good idea to read through these articles. Of course, the best thing you can do to harden your website is hire a professional security consultant. However, there is a lot that can be done yourself to make your site more secure. This is not intended to make anyone paranoid it is just to increase awareness...
If you have any links to add or would like to discuss this, please add a comment.