Intrusion Detection & File Integrity Scanning

If you're going to run a server, especially one that holds valuable data, you'll want to keep it secure. There's only so much you can do to secure a server against intrusion; this is “Second-Level” protection, so that if someone does attempt to get in, you can identify them, and if they _do_ get in, you can see which files (if any) they modified. Running a remote log server is also a great way of making sure intrusions are logged (just make sure the passwords are different, and that there aren't any SSH keys for passwordless login between the servers).

Scratching an Itch

These instructions are generated from use in a real-world environment. They are uploaded for the benefit of others, as well as myself. If you see a glaring security vulnerability or a potentially disastrous misconfiguration, please modify the wiki accordingly (also including the reasons why the initial value was _so_ wrong). With so many packages to look after, no one can expect to get all of them configured 100% correctly, especially when you consider that updates are released so often.

 
intrusion_detection_system_file_integrity_scanning.txt · Last modified: 2008/11/06 09:17 by andylockran
 