"The good news about computers is that they do what you tell them to do. The bad news is that they do what you tell them to do."
-- unsure; often attributed without source to information philosopher Ted Nelson
The software package itself (as opposed to any of its programs or other components) can have any desired name. Acronyms and puns are very popular as package names, for no particular good reason.
These guidelines will use a fictional software package named hello as an example throughout. The purpose of the hello package will be to display "Hello, World!" (of course).
The ideal package name:
Is relatively short.
Is somewhat descriptive of the package's purpose.
Is unique enough not to be confused with other packages.
Does not refer to the technology used to create the package. For example, "xhello" (where the "x" refers to the X Windows system) might be a good name for a particular program in the package, but simply "hello" should be used for the package name.
If the package name contains spaces, then the spaces should either be dropped or replaced by underbars when used for file and symbol names. For example, a package named "Hello Again" might have a function named HelloAgainFunction(), Hello_Again_function(), or hello_again_function(). Other special characters in the name should generally be dropped for file and symbol names. (Of course, a real Unix programmer would probably call it "hag" to begin with.)
The only security consideration that I can think of is to avoid a name that can be easily confused with an existing package.