Webmin is going to be massive overkill to simply allow people to access mail. It has the ability to view/modify a huge number of things on the system, including turning on/off services, user admin, iptables config, etc. If all you need is mail, then I'd setup something specifically designed for that job like POP or webmail. Using webmin is going to open more potential holes than it would solve for this scenario.
As far as security, obviously you'll want to implement some kind of authorization so that only valid users can send mail otherwise you'll find your machine being used to send spam. You'll also want to harden Apache and the underlying OS itself. OS and Apache hardening guides can be found in the Security references thread and the Apache site has info on security as well. I'm also reading a fantastic book
on Apache hardening which I would highly recommend.