I would be more concerned about the security of the private key. The key, must be accessible to the web server, which means it is probably accessible to other on the web server.

Thanks for your comments but on this comment above, I think I am covered. The private key is *never* available to the webserver. Only the public key. The private key resides on the computer of the owner of the site, in his office, within a desktop application I've set up for them. The info is downloaded encrypted from the database, and then decrypted on his desktop for him to view.

From all the various comments I am gathering that the best solution is a non-shared hosting environment, or at least one that is more controlled. I'd feel much better about setting him up on a *nix system but I've not a choice in the matter.

Thanks again for everyone's insights.