When you move to a production version of your application, you probably want to
place this file outside of the site root. That way, web users can’t simply type the
path to your configuration script and get all your passwords. Alternatively, you could
add security to this directory, although simply getting it out of the web-serving
directories altogether is usually easiest.