if its a custom system, you will not be attacked by script kiddies, worms or bots but I would recommend useing an obscure port instead of 80 or 8080.

as for labels, give it something unique that dosnt betray its nature. Like "Katja systems ltd." not "my leeto dorito web server", that should throw off most of the more curious hackers, ultimatly though you have to concider, you are not a big target, who is going to go out of their way to attack you? why?

as I said, a custom build system is hard to penetrate, cover the basics and you should be fine. (../ symbols, buffers, invalid requests etc), use regular expressions and discard everything that is suspicious.

Tangent: You can support PHP by pipeing the php source to the php binary and taking the off stream back to the client.