What version of wordpress do you have? Any version before 2.3 is vulnerable and can be hacked. Install caching plugins if you don't have them already. Protect your wp-admin directory with .htaccess, disable access to it to all but yourself.
Wordpress is very rarely hacked "script side", this is usually done "server side" due to hosting companies not properly staying up to date with security issues. You might want to review Dan Schulz's Wordpress SEO Checklist since your migrating your website anyways. The latest security patch release from Wordpress is 2.3.3, you might need to upgrade. Being your moving to a dedicated server you want to review this security guide for wordpress.
With new hacks Wordpress is now very often hacked script side, since January tenth of thousands abandoned wordpress blogs got hacked.
It will start affect serps when google first visits your offline-site , But the affect is recoverable.
wp-cache2 have no disadvantages. ws-supercache produces static pages, so if some plugin requires to run on each hit it will not work.
you need a dedicated server for sure. Believe me, once on dedicated, you'll never immagine why you've ever been on shared. It's so much better, you have control over your machine and posibilities are endless. WP can use a lot of resources and having 18k visitors on wp on shared hosting sounds impossible to me. Sure, they give you incredible amount of disk space and bw, but the catch is that they will limit your cpu and ram resources. If you need a good and cheap sys admin I can recommend one. Be sure you have your server configured right, I recently took my second dedicated and before I even started to use it it was under brute force attack to get root password. People scan whole networks for such things. First thing is move ssh to some higher port and disable root login.
don't let your domain to be offline, create a temporary page somewhere else ( if you have a fast dns service for your domain) , only the index page , e.t.c because an offline website is the worst
Yeah, I've had a chat with the live support guys and they said I shouldn't worry. My password is something totally random like: 2y328439yb8c94238c423849c283974283942876n46ncn273nc48736c36n4x2364xnewjrwgeurgweurgwegrwegrwer I take it that would be pretty hard to get with a brute force, wouldn't it?
It is possible to make a firewall rule to limit number of connections on ssh port. By doing this you almost eliminating possibility of successful brute force hack, unlike changing of port. As soon as hacker know your port, he can run brute force attack on you, but if number of connections per time is limited, it is will be much harder.