Good thought to be responsible for your users. But unfortunately you can't protect them as much as you are desiring.
But you can at least take care in your website's code that it shouldn't be attackable with "Code Injections". It would at least make your website secure for your users being satisfied to give you their personal details. This is very well known and easy to attack specially on the layman's websites which are coded by developers from scratch. Even web development frameworks might leave a loophole which they rapidly test for and patch it up in upgrades.
By the use of "Code Injection" an attacker can do a lot more damages to you and your users at the same time in many different ways. But as you are wandering about the information theft so I would tell only about this way how it works if the attack goes successful.
Most popular way of injecting client scripts permanently in to your website is done by the use of "SQL Injection". However, a successful "SQL Injection" can completely destroy your website but for the particular issue you are asking for, it can collect sensitive users information from your database as well as by the users themselves while they enters any information on your website. Your website can become a KeyLogger itself. You atleast can protect from this to happen.
The attacker resides in your database with a client side script to execute malicious script from within your website when stays on the client's computer and while the users is interacting within your website the information he/she enters is unknowingly passing to the attackers.
What you have to do to protect your website from this kind of vulnerability, search Google with with following keywords. "To protect from SQL Injectiont", "To protect from cross-site scripting", "To protect from code injection"
But you can protect the user only within the boundary from your server to the user's browser. You can't protect them outside of the of the browser in their computer.