Ensure you are clear what you are going to get for the money ! Make a tick list of what will be delivered and produce a Gantt chart to track the progress. Ask what development methodology the programmers are going to follow, agile or waterfall. Make sure they explain their methodology so you are clear when you are going to meet with them and how you can track progress.
Define which Browsers should be supported. At a very minimum this should include:
Firefox 3.6 and 4
Chrome 9 and 10
Define the version of HTMl you want, make sure your website validates correctly to that version. If you plumb for HTML 5 make sure it displays correctly on the supported browsers. If you use HTML 5, use roles correctly.
Again, check the supported browsers will support the version of CSS you choice. If you use CSS3, use only features supported by all browsers.
Ensure the interface is restful. Ensure return codes are meaningful. This will help when you want to create a mobile verson of the site or create mobile apps that use the site as a service.
A restful interface should help with jQuery support as well. Make sure your interface supports returning data as JSON at a the very least and a RSS feed as an option
Escape all input to avoid XSS attacks . For PHP use htmlentities, all other languages should have something similar
All input and queries to the database should either be Paramatised or better still stored procedures should be used.
Any uploaded content should be limited to known file types. The content of the file should be verified and the file should be stored outside the webserver directories. Download should be anonymous so the file system is obscured.
What version control system will they use. If they use a public one are they aware of any copyright problems that it may bring
How are they going to test the site ? Do they propose to use unit testing, if so will it be automated ?