I use svn+ssh:// and that works very well. If you've already got ssh
available on the box, this is ideal as it means you're just using a
port that's already open on the box, not opening any additional ports.
To add a little more complexity, and security, setup ssh to use (&
require) access with a public/private key pair rather than via normal
password. That way nobody (not even you) can get to your repository
unless they're doing it from your machine (where the key file is) AND
know the password for your key (because, although possible, you
wouldn't dream of creating a key without a password, right?). It's
funny to look at the ssh logs of people/bots constantly trying to ssh
into our Internet connected machines trying all kinds different
usernames and passwords, since no matter what they try, they won't get
in without one of our developer's keys.