Simple WEBROOT Protection
If you don't have webroot protection enabled, then everyone can access
all your web files from the backend without even going through a browser
or the web server. This includes being able to read the source of your
CGI and PHP scripts.