I've not read a great deal on the topic, but this guy, Paul Kocher, sounds like he's got some killer ideas.

...at the tender age of 22, he made headlines with a technique to compromise implementations of the RSA algorithm -- not with a direct frontal assault, but by watching the amount of time a system took to perform certain functions.

Much of what he points out in the article is that adding layers to code is making it less likely to be secure. Now this seems to be something we would take for granted, but how often do we see this considered when developers release their latest and greatest apps? Not all too often, more for public outcry for backwards compatability than not. Either which way, I thought the article noteworth because it basically states that forward cracking of an algorigthm is not the only thing we need to be concerned with. Perhaps pushing our developers to develop better code, or less of it to accomplish the same effect, would be well advised.

Check out the article : http://online.securityfocus.com/news/572

Regards and happy reading.