One area of my work entails advising corporate clients on SQL database vulnerabilities - I don't use MS Access, and it's not really used on commercial websites.
It might be useful to create a subweb, and put your database, plus ASP pages into it. You can easily control access to the subweb via a .htaccess password system.
There are lots of tips I could give you for securing online data, but not all will apply to an access database. Try to use some basic security measures however, and you'll be reasonably secure. I say 'reasonably' because a determined and knowledgeable person will get to your data anyway. That said, I imagine the risk attached to a church membership database is going to be pretty small.
Here are some pointers:
1. Make passwords at least 6 characters long.
2. Don't tell people why a login failed. Many websites have helpful pages saying things like "your username was incorrect, please try again", thus giving a clue to a hacker that at least the password was OK. Don't do that, just provide a basic error message: "Login failed - please try again"
3. Don't ever include 'admin' 'administrator' 'root' 'owner' or 'webmaster' in your password list.
4. Have your login script check the http_referrer to see where the request came from. It should come from your HTML form on the same server. If it doesn't your script should reject the login. This won't stop expert hackers because they'll fake the http_referrer, but it's still worth doing.