While nothing exposed to the web is 100% safe, you don't have to hack anything to be safe with Joomla. The current version of Joomla 1.5.22 is secure with no known security issues. Joomla is no more vulnerable to attack than any other CMS program. In fact it may be more secuer as a main focus of the developers is security while maintaining ease of use. Not an easy task I might say.
I would not attempt applying the code from the above posts. This is especially true since your not comfortable with attempting any of it. In fact I would not recomend applying any code, core hack, or modification your not comfortable with. This is especially true with code examples found in the forums.
There are some modifications you can do to increase security that can be found in the official documentation. These modifications have been tested on many servers and generally work as advertized. Again, if your not comfortable performing modifications at this point, then don't do them. Joomla is secure enough in the default install to not need any modification (except for enabling the htaccess file - see below)
do use a modern quality hosting service. Preferbly one that uses mod_security, php 5, suexec. You mostly get what you pay for. (what do you expect for free or nearly free? Fort Knox from someone who cares about security?) Be aware of some really popular heavily advertised hosting services also. They seem to have a larger than average share of issues with their servers being hacked.
Don't use an offer by the hosting company (your domains control panel one click install). Many of these services are not on the latest version, are slow to offer security updates, and can make it rather hard sometimes to know just where Joomla was installed. The install scripts used by these services may also force insecure file/directory permissions which you won't know about until it's to late.
do always keep files at 644 (or tighter) permissions and directories at 755 (or tighter) permissions. 644/755 are normal server defaults and are reasonably safe.
Do install the latest Joomla version. By controlling your own installation directly, you can easily apply updates or security patched to the Joomla core files.
do enable the htaccess.txt file by renaming the file to .htaccess You can do this using an ftp program. this file contains some code to stop some exploits and should always be enabled.
do keep all 3rd party extensions updated. This is most important as most issues with hacked websites arise from the use of outdated or insecure 3rd party extensions.
do use good strong passwords. 12 characters long for a super admin is normally long enough.
do consider changing the super admin password on a regular basis.
do use a password manager such as KeePass for all your passwords.
do create a new super admin account and change using the new super admin account after successful admin login then delete the old one
do keep your computers anti-virus updated and also run additional checks such as malwarebytes on a regular basis. Reason for this is that even good trusted sites may become infected with malware that will silently download malware to your computer for the only purpose of finding and stealing passwords. ftp programs are frequently targeted. once the user name and password are stolen it is easy to log in to your site and cause problems.
Make backups of both the database and the files found in your public_html directory on a regular basis. database is where your date is stored and the public_html directory is where the files and templates that use this data to assemble the pages resides.
do read and learn more about security from our extensive doc files. Even if you ultimately decide not to use Joomla, most of the information applies to your domain in general.http://docs.joomla.org/Category:Security_Checklisthttp://docs.joomla.org/Security_Checklist_7http://docs.joomla.org/Vulnerable_Extensions_List
If you do these things, there is no need to hack, program, sort through htaccess rules.
Articles, links, categories, sections etc are all stored in the database. photos, images, files for download are normally stored in public_html in the appropriate directory