I use a combination of a VPN connection and then connecting to the other computer with VNC over the VPN connection.
In any case, here is the answer to the security question:
<<a target="_blank" href=http://www.uk.research.att.com/vnc/faq.html#q55>http://www.uk.research.att.com/vnc/faq.html#q55 (http://www.uk.research.att.com/vnc/faq.html#q55>How)>
Access to your VNC desktop generally allows access to your whole environment, so security is obviously important. VNC uses a challenge-response password scheme to make the initial connection: the server sends a random series of bytes, which are encrypted using the password typed in, and then returned to the server, which checks them against the 'right' answer. After that the data is unencrypted and could, in theory, be watched by other malicious users, though it's a bit harder to snoop a VNC session than, say, a telnet, rlogin, or X session. Since VNC runs over a simple single TCP/IP socket, it is easy to add support for SSL or some other encryption scheme if this is important to you, or to tunnel it through something like SSH or Zebedee.
SSH allows you to redirect remote TCP/IP ports so that all traffic is strongly encrypted, and this can be combined with VNC. SSH can also compress the encrypted data - this can be very useful if using VNC over slow links. See the 'Using SSH with VNC' page. Zebedee is a similar system which can be sometimes simpler to use. You can find info here.
While we're on the subject of security, you should also be aware that only the first 8 characters of VNC passwords are significant. This is because the 'getpass' call used in the Unix server to read a password has this restriction, and the other platforms have been made compatible with this.
Wolfram Gloger < wmglo@dent.med.uni-muenchen.de> has built Xvnc with the TCP Wrapper library, allowing you more control over which hosts are allowed to connect. See the contribs page for details.
Josh
[i]Sorry folks, I'm an idiot. Moose out front shoulda told ya. [i]