I use svn+ssh:// and that works very well. If you've already got ssh available on the box, this is ideal as it means you're just using a port that's already open on the box, not opening any additional ports.
To add a little more complexity, and security, setup ssh to use (& require) access with a public/private key pair rather than via normal password. That way nobody (not even you) can get to your repository unless they're doing it from your machine (where the key file is) AND know the password for your key (because, although possible, you wouldn't dream of creating a key without a password, right?). It's funny to look at the ssh logs of people/bots constantly trying to ssh into our Internet connected machines trying all kinds different usernames and passwords, since no matter what they try, they won't get in without one of our developer's keys.