#10 Security hole, configfiles can be viewed

[Anonymous]

Because the configfiles are called *.inc they will not be
parsed by php.

for example http://url/myphpim/conf/config.inc will show
all the settings, also username and password for
myphpim. There is a .htaccess file, but on some servers
htaccess isn't configured and then the files ar visible.