What's the preferred way of making phpMyAdmin secure against evil access? ¶

This depends on your system. If you're running a server which cannot be accessed by other people, it's sufficient to use the directory protection bundled with your webserver (with Apache you can use .htaccess files, for example). If other people have telnet access to your server, you should use phpMyAdmin's HTTP or cookie authentication features.

Suggestions:

• Your config.inc.php file should be chmod 660.
• All your phpMyAdmin files should be chown -R phpmy.apache, where phpmy is a user whose password is only known to you, and apache is the group under which Apache runs.
• Follow security recommendations for PHP and your webserver.