If you are on a shared hosting server, it is likely a bit of a challenge (and, depending on the provider’s setup, impossible) to secure your keys from other users. Plus, reinventing the encryption wheel is generally a bad idea. So I wouldn’t go that route, especially if you aren’t knowledgable about security.

The easiest solution is to use SSL. If you really don’t want to get a cert from Verisign (or Comodo or whomever), use your provider’s default SSL cert. If they have things set up so that your SSL server will use a cert for https://www.YourHostingProvider.com/, then you should be able to make that work, perhaps with a bit of homework. (MediaTemple is set up that way, where you get their cert if you don’t have your own. Not sure about other hosting providers.)

Do try to educate yourself about the elevated risks involved in doing this on the cheap. For example, depending on the setup, it’s possible that anyone else on the shared hosting service could impersonate your site if they are sufficiently skilled and determined, since they may have access to the same SSL private key you’re using.

If you’re securing game high scores or something, that will probably be OK. If you’re securing credit card numbers or people’s personal health information, this is definitely not the way to go. You don’t want to store that kind of information on a shared hosting service, and you definitely don’t want to be so resource starved that you’re reluctant to buy an SSL cert.