Section "Using setup script"
3. You should deny access to the ./libraries and ./setup/lib subfolders in your webserver configuration. For Apache you can use supplied .htaccess file in that folder, for other webservers, you should configure this yourself. Such configuration prevents from possible path exposure and cross side scripting vulnerabilities that might happen to be found in that code.
I can't find the supplied .htaccess ?