* Keep the customer informed --- no one likes surprises.
* Make a habit of sending short, just-the-facts-ma'am email summaries confirming oral discussions --- they can be incredibly useful in the event of later finger-pointing and "why didn't you tell me X?" accusations.
* In the same vein, seriously consider never deleting any email to or from a customer or otherwise relating to a job.
* Consider treating development of the specification as a separate, separately-priced deliverable.
* Consider providing an "extension of time budget" in the contract --- that is, you've got X days of extension budget that you can allocate to individual deadlines as you see fit, with a max extension of Y days for any single deadline.
* Watch out for IP-ownership provisions; try to make sure you get the right to continue using general knowledge, tools, non-customer-specific code, etc., for other projects.
* Be extremely careful using FOSS (free / open-source) software --- the customer will be really PO'd if it has to release the source code to its product. Microsoft had to do that a couple of years ago because one of its consultants included GPL code; see this blog posting by Silicon Valley lawyer Mark Radcliffe for details.
* In the contract, try very hard to (1) exclude consequential damages, and (2) limit your liability to X or 2X or even 3X, where X is the amount you're paid. If the customer balks, you can respond that you're selling services, not business insurance, and that uncapped liability will have to carry a higher price.
* Investigate whether you can get professional-liability insurance (errors & omissions or "E&O"). If so, try to have a separate cap for your contract liability in the amount of your coverage --- that is, your liability won't exceed 2X, where X is the amount you were paid, or your policy limits, whichever is less.