Firewalls
What’s your personal (and even Softlayer’s “official” position) on Hardware firewalls vs Software firewalls. Yes, the traffic reaches your server (and hence uses up your bandwidth) on the software firewall and if you come under a DoS it’ll drive your CPU usage through the roof – but are there any other disadvantages/advantages?

Passwords
As Jeff Atwood has just experienced, you should use a different password for different things ( see http://www.codinghorror.com/blog/archives/001263.html ). However, is it worth considering building support for One Time Passwords into your application (such as the Softlayer Portal)? Or, for less security orientated sites, how about only using OTPs? (I asked the same question a few weeks ago on my own blog at http://blog.rac.me.uk/2009/04/16/techy-token-authentication-instead-of-passwords/ but no responses yet ).