Short bio: Computer Scientist, FOSS supporter (read more)
Tux Machines (TM)-specific
PHP has a notorious security history, but web hosts have to provide it. Suhosin is a security patch that can be applied to change behaviour of the default PHP install in security related ways, and is now packaged in Debian Etch and Sid, with some of it built into the default PHP builds, and some available as an extra.
To install and test:
Create a PHP file somewhere on your website with this in, and view it with Apache to see your PHP config.
When viewed the page should claim that Suhosin is included, but Suhosin directives in the PHP5 ini files will have no effect.