Security

CCK

This is a public service announcement regarding the "administer content types" permission. The rise of the Content Construction Kit (CCK) and a legion of powerful CCK field modules have considerably extended the abilities of a user with this permission, with much of a site's behaviour now being configurable via the content types administration pages. The permission "administer content types" is therefore comparable in scope to the "administer site configuration" permission. Only grant this permission to trusted site administrators.

File Permissions

In Linux, typically the Apache user has full privileges in the Drupal directory, with the files being flagged as writable only by owner, and read-only for group and other. (I am not sure why group and other need any access at all).
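The layout above (owner may write, group and other may only read) is easy to state and easy to drift away from after a few module installs or uploads. The following audit is an added example, not part of this page or of Drupal: it walks a docroot and reports every regular file whose group-write or other-write bit is set. The sample tree it builds, the file names in it, and the modes are constructed for the demonstration; point group_or_world_writable() at a real docroot to use it.

```python
"""Audit a Drupal docroot for files writable by group or other.

Added example, not from the original page or from Drupal. It turns the
policy described on the page (files writable by owner only, read-only for
group and other) into a check: every regular file with the group-write or
other-write bit set is reported. The demo tree below is constructed.
"""
import os
import shutil
import stat
import tempfile


def group_or_world_writable(root):
    """Return sorted (relative_path, octal_mode) pairs for regular files
    under root whose mode allows writing by group or by other."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and specials are out of scope here
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                hits.append((os.path.relpath(path, root),
                             oct(stat.S_IMODE(st.st_mode))))
    return sorted(hits)


def build_demo_tree():
    """Construct a small fake docroot with a mix of modes (demo data only;
    the paths are placeholders, not a real Drupal layout)."""
    root = tempfile.mkdtemp(prefix="drupal-demo-")
    layout = {
        "index.php": 0o644,                          # owner-write only: fine
        "sites/default/settings.php": 0o600,         # stricter still: fine
        "sites/default/files/upload.txt": 0o664,     # group-writable: reported
        "modules/example/example.module": 0o666,     # world-writable: reported
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("demo\n")
        os.chmod(path, mode)
    return root


def demo():
    """Build the constructed tree, audit it, and clean up."""
    root = build_demo_tree()
    try:
        return group_or_world_writable(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel_path, mode in demo():
        print("%s %s" % (mode, rel_path))
```

One caveat when reading the report: the upload directory (sites/default/files in Drupal 6 layouts) is the one place where the web server legitimately needs write access, so a hit there is something to confirm rather than blindly tighten, whereas a writable .module or .php file is the finding that matters, since the web server can then be made to modify code it executes.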

Mollom

Spam

Use the CAPTCHA modules to help prevent automated input of spam content. Consider using rel="nofollow" as a default link attribute, in order to help prevent link spam. This tells search engine spiders not to follow the link, so a spammer gains no ranking benefit from posting it. The FCKEditor can write the rel="nofollow" automatically.
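Relying on the editor to write rel="nofollow" only covers links entered through that editor; an output filter catches links however they arrived. The following is an added example, not part of this page, of Drupal or of FCKEditor: it streams user-submitted HTML through Python's html.parser, gives every anchor a rel="nofollow" (merging it into an existing rel rather than overwriting other tokens) and passes every other tag, entity and comment through unchanged. The sample markup is constructed.

```python
"""Add rel="nofollow" to every link in user-submitted HTML.

Added example, not from the original page, Drupal or FCKEditor. It applies
the default-nofollow policy as an output filter: anchors without a rel
attribute get rel="nofollow", anchors that already carry a rel keep their
tokens and gain nofollow, everything else passes through as written.
"""
from html import escape
from html.parser import HTMLParser


class NofollowFilter(HTMLParser):
    """Stream HTML through, rewriting only <a> start tags."""

    def __init__(self):
        super().__init__(convert_charrefs=False)  # keep entities as written
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.out.append(self._anchor(attrs))
        else:
            self.out.append(self.get_starttag_text())  # raw, untouched

    def handle_startendtag(self, tag, attrs):
        self.out.append(self.get_starttag_text())  # <br/> and friends

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append("&%s;" % name)

    def handle_charref(self, name):
        self.out.append("&#%s;" % name)

    def handle_comment(self, data):
        self.out.append("<!--%s-->" % data)

    @staticmethod
    def _anchor(attrs):
        """Rebuild an <a> start tag with nofollow merged into rel."""
        attrs = list(attrs)
        rel_index = next((i for i, (k, _) in enumerate(attrs) if k == "rel"), None)
        if rel_index is None:
            attrs.append(("rel", "nofollow"))
        else:
            tokens = (attrs[rel_index][1] or "").split()
            if "nofollow" not in (t.lower() for t in tokens):
                tokens.append("nofollow")
            attrs[rel_index] = ("rel", " ".join(tokens))
        parts = ["a"]
        for key, value in attrs:
            if value is None:
                parts.append(key)  # boolean attribute such as "download"
            else:
                parts.append('%s="%s"' % (key, escape(value, quote=True)))
        return "<" + " ".join(parts) + ">"


def add_nofollow(html):
    """Return html with rel="nofollow" on every anchor."""
    f = NofollowFilter()
    f.feed(html)
    f.close()
    return "".join(f.out)


if __name__ == "__main__":
    # Constructed sample of what a comment form might deliver.
    sample = '<p>Cheap <a href="http://example.com/offer">offer</a>, ' \
             'see <a href="/faq" rel="noopener">our FAQ</a> &amp; more.</p>'
    print(add_nofollow(sample))
```

Because the filter runs on output, it applies equally to content entered before the policy was adopted and to links inserted by any input path, which is the property an editor-side setting cannot give you.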