--- "every server setup imaginable", including VNC
Note that the best way of securing the VNC server is to bind it to localhost only and tunnel the local port via SSH.
For example, in your /etc/sysconfig/vncservers file, add the option "-localhost" to the variable VNCSERVERARGS, so the vnc daemon on the server binds only to its local address, thus denying access to non-secure, direct connections from any hosts. At the client side, first make a local SSH tunnel to the server machine like
$ ssh -l LOGIN_NAME -L LOCAL_PORT:localhost:VNC_SERVER_LISTENING_PORT SERVER_HOSTNAME"
LOGIN_NAME: your login name on the server
LOCAL_PORT: any non-used, unprivileged port number (one above 1024)
VNC_SERVER_LISTENING_PORT: the port number on which the VNC daemon is listening (on the server machine)
SERVER_HOSTNAME: hostname of ip address of the machine on which the vnc daemon is running
After that, run the command "vncviewer localhost:LOCAL_PORT" and you are done. Alternatively, you can select the vnc viewer app from the GUI and type the hostname/port number combination in the GUI dialog.