You don't see this very often, but how about a second admin password for the more destructive features (wiping users, editing the database etc). That offers another level of protection in case someone cracks the first password.
Regards
Jason
Regards
Jason