Using WordPress as an example may help clarify my question.
If someone gains access to the server where the WordPress installation is located, they can upload a simple file to find out the login credentials for the installation's database.
simple file example:
By uploading that file and calling it in a web browser I can see the dbuser, dbpass, dbhost, etc. properties of $wpdb.
How can one use a class that handles all database tasks and hide these properties from outsiders, or at least make them much more difficult to find out? I've thought of holding the values in a separate class that gets called from the main class but the var dump would clue a snooper in as to what class to next run the var_dump on, so that doesn't seem effective unless you were to put the credentials many, many classes deep in a chain.