in reply to Security for an Web based applicatoin
A lot of what I would say has already been covered by other comments, so I won't repeat that (other than SSL! SSL! SSL!).
You mentioned:
secure forms (maxlength)
The maxlength attribute is a way of asking the client not to send data longer than a certain number of characters. Nothing prevents them from ignoring that request. Any sanity checking of data must be performed by the server side script. (You can check on the client side as well, but this should be only to provide convenience for the user, not for your security.)
As for VB.NET; most groups being new languages/frameworks try to hype the language or framework to attract developers. Microsoft is no exception. You might want to consider using the language if it provides significant benefits (such as already being used internally thus providing prewritten libraries that deal with your company's business logic), but don't choose it because it's a buzzword.
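A server-side version of the maxlength check discussed in the reply above, as an added example that is not part of the original post. The field names, limits and body-size cap are assumptions chosen for illustration, and the request bodies are constructed samples.

```python
from urllib.parse import parse_qs

# Hypothetical limits; the form's maxlength attributes would mirror these,
# but only this server-side table is actually enforced.
FIELD_LIMITS = {"username": 20, "comment": 200}
MAX_BODY_BYTES = 4096  # assumed cap on the whole request body

# Constructed sample bodies: one from a browser honouring maxlength,
# one from a client that ignored it.
HONEST_BODY = b"username=alice&comment=hello+world"
OVERSIZED_BODY = b"username=" + b"A" * 500 + b"&comment=hi"


def validate_form(raw_body: bytes):
    """Return (clean_fields, errors) for a urlencoded POST body."""
    if len(raw_body) > MAX_BODY_BYTES:
        return {}, ["body too large"]
    try:
        parsed = parse_qs(raw_body.decode("utf-8"),
                          keep_blank_values=True, strict_parsing=True)
    except (UnicodeDecodeError, ValueError):
        return {}, ["malformed body"]
    errors = []
    clean = {}
    for name, values in parsed.items():
        if name not in FIELD_LIMITS:
            errors.append(f"unexpected field: {name}")
        elif len(values) != 1:
            errors.append(f"repeated field: {name}")
        elif len(values[0]) > FIELD_LIMITS[name]:
            # Length is counted in decoded characters, like maxlength.
            errors.append(f"{name} exceeds {FIELD_LIMITS[name]} characters")
        else:
            clean[name] = values[0]
    for name in FIELD_LIMITS:
        if name not in parsed:
            errors.append(f"missing field: {name}")
    # Reject the whole submission if any field failed.
    return (clean if not errors else {}), errors


if __name__ == "__main__":
    for body in (HONEST_BODY, OVERSIZED_BODY):
        print(validate_form(body))
```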