i have seen many sites who claim to have bank grade security encription. if their web sites have been built with php what other forms of security can exist aside from using mysql_real_escape_string and a 128bit ssl encription?