Security is one of the often arcane subjects that only a select few attempt to unravel it's secrets. Anyone that has used Salesforce.com can attest that the sharing model has taken a complex requirement and made it accessible to many (IMO the sign of a good solution and solid design). But security within the platform is not the only aspect we, as Force.com ninjas, need to be aware of. Robert Fly's fantastic blog post is a testament to the complexity often inherent with Security. This post references a LOT of material you can look at to get started, if Security is of interest to you.
One aspect of security that I have been looking at recently is oAuth. I have used Single Sign On with the platform in the past when I have needed secure access, but had never used oAuth. Thankfully, Jeff Douglas from Appiro, recently contributed a new Code Share project titled, Force.com OAuth Demo. This project provides a great demo application of using a Java webapp deployed on Google App Engine to connect to Salesforce.com using oAuth to authenticate.
Great job Jeff, and thanks for saving me endless hours getting started on oAuth.