directory security question

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

This is a PHP question that came up while working with SquirrelMail.
I read an installation procedure that suggested moving several  
directories out of web space.  Two of them make sense, but the third  
directory, houses configuration options in php files.  If the web server  
is properly optioned to serve .php files (by executing php and serving  
the result), is there any reason to place this write protected directory  
outside of web space?  There is no way for someone to see anything  
inside "<?php" and "?>" right?


Site Timeline