I've made several scripts that are pulled in my pages with include. They are all stored in a directory that is unreferenced in the output.
Is there any way somebody can discover their name and/or location and pull them from my server to obtain db passwords?
If the answer is YES! OFF COURSE!
then please tell me what I should do to secure them.