Here you can find some general information and pointers about security in general and more specifically Blinkenshell.
Normal non-encrypted FTP is not supported, instead SFTP from the OpenSSH package is used to transfer files to and from the shell server.
Sensitive webpages such as phpMyAdmin and Webmail are only available over HTTPS, and the wiki and blog are optionally available over HTTPS. The certificate is signed by CAcert, which is not included by default in most browsers. Instead you have to install the CAcert root certificate in your browser: http://wiki.cacert.org/wiki/BrowserClients
Do not use the same password for your shell account as you use for other services, especially those that communicate over non-secure protocols like IRC or webpages.
Also, check out our password policy: PasswordPolicy
Phishing and trust
No one at Blinkenshell will ever ask you for your password. Do not ever give away your password, not even to someone saying he/she is an admin.
On IRC, there often is no really good way to protect your nickname, so anyone can use anyone else's nickname. Don't trust someone to be an admin just because of the username. Check things like connecting host and if the user is identified with NickServ.
Emails can be sent from addresses other than one's own, so don't trust emails asking you to reply with your password or similar just because the sender address is from a trusted domain.
Use common sense and a certain ammount of paranoia and you will be all right
Pretty Good Privacy (PGP): http://en.wikipedia.org/wiki/Pretty_Good_Privacy
Gnu Privacy Guard (GPG, Gnu PGP-thingy): http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.html