The Issues

WWW (HTTP) and FTP Servers Run as Root: by default on UNIX boxes the servers must run as root; complex, possibly bug-ridden or trojan-horse code leaves you vulnerable. Consider running non-root versions (eg port 8080 HTTP server on UNIX), and/or line-by-line source checking. Check your logs.
Keep Them Off Critical Machines: Minimise effects of breakout; keep servers off fileservers, NIS or DNS primaries, firewalls, etc, as far as possible.
Don't Run Them At All: Rent space on someone else's server or go to a third-party supplier such as ExWeb; also can improve reliability and performance, and helps if your connection is not permanent.