Securely expose SharePoint in an extranet scenario

I'm currently looking into the feasibility (and danger) of exposing a SharePoint 2007 install on a public website in an extranet-type scenario.

While there's no doubt that Microsoft has greatly improved the security of their products in recent years, I'm still naturally wary whenever it comes to using their systems in an unprotected environment. The other problem with using SharePoint in a public environment is the Active Directory question -- how do you manage identity in a federated environment, especially when not all participants may have Active Directory installed?

Some interesting resources I've discovered to date include: