Hiding the Test Runner is acheived in exactly the same way as hding any other (client) model, which is by adding a requiredPermission to the Test Runner model, and making sure only the relevant users are assigned a role which has that permission. If you're not familiar with the user-role-permission authorization mechanism, see http://www.tersus.com/#Id=324 for additional details
Use the Running on Production System feature to ensure that "dangerous" tests (e.g. those that make changes to data) are not executed on a production system.
For best results, use the Firefox browser..