> Never give out the superuser username.
> This seems to work. You can still backup, restore etc.

this is security by obsurity, it will buy you nothing! in fact this does not
increase your security at all! if you want your data to be secure, don't let
anyone access the db or the backup files. you could for example use an
encrypting file system to store the database on the server. this way even a
person with physical access to the server could not access anything without
a proper user accout.
if you have to do secure client installs where you must ship a database with
valuable data i think the only way at the moment is to encrypt the data
yourself in your application before writing it to the database.

regards
michael