Redundant everything. For security, I'd say you have a couple choices. One would be grant DBO access to the client for their database, let them handle administration from there. As long as they are limited to their db, not much damage they can cause. If you can give them less, so much the better. Probably want to set a growth limit on both db and log so they cant max your drive when you're not looking.
You might consider some kind of web version of EM that would limit what they can do, most users aren't going to be big TSQL users anyway.
Assuming your network guys are handling the hardware, I'd say a single instance of SQL 2000, put together a set of scripts to set up a db and users easily. Help page to explain to users how to connect.
You might want to look at other newsgroups, maybe find one that is about hosting - probably a good idea to leverage that knowledge if you can find it.