You have (an alpha version of) your site up and running. What steps do you follow to protect yourself against malicious users? I'm referring to sites like tripadvisor.com, that doesn't have a whole lot of sensitive information, rather than turbotax.com.
Check out my answer to this guy's question about how to test the security of his website: <a href="http://news.ycombinator.com/item?id=385093" rel="nofollow">http://news.ycombinator.com/item?id=385093</a>
A simple first step would be to talk to a security expert locally in your area. In my area (Cleveland, OH) there is a group that will test your security for free and give you pointers on what to change.