SNMPv3 (particularly with AuthPriv) helps a lot in addressing most of the traditional stigmas about SNMP lacking security. With SNMPv2 and below, I don't think it's too dramatically different from other accesses (console/vty) to the network devices--deny all, then open holes only to hosts network admins want them to, as needed. Here's a good starter on configuring SNMP, with examples of ACL and SNMP Views to limit access:
http://www.netcraftsmen.net/resources/archived-articles/370-configuring-snmp-in-cisco-routers.html
That, and a good IDS/IPS setup capable of catching any NIC going into promiscuous mode on your LAN.