[eluser]kgill[/eluser]
It isn't a security issue, it's an organization issue, and to understand it you need to delve into the concepts behind OO programming. By declaring a method as public you are saying to anyone else writing code that uses your object: you can use this function to manipulate this object. Private functions are off limits to code that extends or instantiates your object; this ensures that the only way to manipulate your object is in the manner you've specifically allowed. Now, as to why you'd want to do this: to prevent you or someone else from doing something stupid is the most common reason.
Let's go with a completely absurd hypothetical example. Suppose you're writing a program to keep track of company payroll and you've got a function that uses a class-level variable $this->user_hours. Now, a user can't work less than 0 hours, so in your set_hours function you have a check: if $this->user_hours < 0, then gracefully fail with the message "you can't do that". Now you finish writing your payroll program and hand it over to some other coder to do his part, which builds the front end and uses your object. When he coded the front end he saw that $this->user_hours was declared as public, so he used it in his code and passed the user's hours directly into it. Fast forward a bit, and some clueless user is now using the program and puts their hours in as -40 because, hey, they took a week off. That -40 gets put into your user_hours variable, and the code you wrote to handle that never gets executed because it was accessed directly. Had it been declared private, he would have been forced to use your setter method and your code would have prevented problems.
Make sense now?
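
The payroll scenario from the post above, as an added example that is not part of the original post: the class names `PayrollOpen` and `PayrollGuarded`, the getter, and the exception types are assumptions, and the `Error` catch assumes PHP 7 or later.

```php
<?php
// Added illustration; class and method names are hypothetical.

// Before: user_hours is public, so callers can skip set_hours() entirely.
class PayrollOpen
{
    public $user_hours = 0;

    public function set_hours($hours)
    {
        if ($hours < 0) {
            throw new InvalidArgumentException("You can't do that");
        }
        $this->user_hours = $hours;
    }
}

// After: user_hours is private, so set_hours() is the only way to change it.
class PayrollGuarded
{
    private $user_hours = 0;

    public function set_hours($hours)
    {
        if ($hours < 0) {
            throw new InvalidArgumentException("You can't do that");
        }
        $this->user_hours = $hours;
    }

    public function get_hours()
    {
        return $this->user_hours;
    }
}

$open = new PayrollOpen();
$open->user_hours = -40;              // direct write: the check never runs
echo "open: ", $open->user_hours, "\n";

$guarded = new PayrollGuarded();
try {
    $guarded->user_hours = -40;       // direct write to a private property
} catch (Error $e) {
    echo "direct write blocked: ", $e->getMessage(), "\n";
}
try {
    $guarded->set_hours(-40);         // forced through the setter: rejected
} catch (InvalidArgumentException $e) {
    echo "setter rejected: ", $e->getMessage(), "\n";
}
$guarded->set_hours(40);
echo "guarded: ", $guarded->get_hours(), "\n";
```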