If you are referring to the header file it's well known that your database connect info is stored there. You can't see the contents of the file by entering it in your browser. You will just see a blank page. Anyone can find your database name which incidentally is usually your cpanel and ftp login by simply viewing: http://www.yoursite.com/periodic/periodic.file in a web browser. This is only one example of many. One still wouldn't know the dbuser or dbpass. It will tell you the mailto: cron email see more though if one wanted to spam someones email box this could be annoying. Most sites you can actually view the contents of someones .htaccess file too if you want. All you do is punch in yoursite.com/.htaccess and you can see the contents in your browser. Not that you will get much out of it either. You can add to root .htaccess so nobody can view them in a browser:
<Files .htaccess>
deny from all
</Files>

<Files periodic.file>
deny from all
</Files>

Another thing is even if guests aren't allowed to view movies for example, all you have to do is punch in yoursite.com/ray/modules/movie/files if directory browsing is allowed one can watch or download them all with a simple click. If directory browsing is disabled or or index.php/index.html is present then all one has to do is yoursite.com/ray/modules/movie/files/1.mpg(or 1.flv) and just keep on a going 2.mpg, 3.mpg, etc. And no need to join the site. Same with music, mp3, photo gallery, profile photos, etc. Anyone that knows dolphin directory structure can figure this out. A simple free dolphin download by anyone not familiar with it and they know where to look. Not a security thing, but more of an inconvenience. You can do the same with almost any site or script out there if you know what script it runs unless there are .htaccess or other modifications in place. Then again there is software that can do it for you or tell you exact locations too.

If you don't want people browsing your folders or directories that don't have an index.php or index.html you don't need to drop one in each and every folder or directory. You might be there a while doing that. You can if you want, but you'll probably miss a few. You can just add to your main .htaccess in the root to cover your entire site:
Options -Indexes Some say they have had issues with this in the root, I never had any problems with it there. You could put it in sub-dirs .haccess instead if you have issues and still save yourself a lot of time.

If you put it in the main root .htaccess it takes care of all folders or directories under it. If you opt to put it in /media/.htaccess for example it wouldn't affect the root, only /media and every folder under or below /media such as /media/images etc.

If you put it in root .htaccess but you don't want /media to be covered by this then in /media/.htaccess you would put Options +Indexes.

Sort of faster than adding a index.php or index.html to every folder or directory. Cpanel hosting also has this option to turn off index browsing in cpanel you can use "Index Manager". Basically it just adds Options -Indexes to .htaccess for you, and you can choose root or specific directories. Helpful for people that are not sure how to manually do this. For me it's faster to manually add it by ftp, and sometimes cpanel messes up, so I think it works better manually.

Just a couple of examples. If you really think about it there are many more. And a lot of other things you could do if you want to take the time, and are concerned about security or people viewing files and folders that you would rather not. If you have vps or dedicated there are additional things one can tighten up for security that shared hosting folks don't have access to. You hope that your shared host has taken extra steps concerning server wide security on your behalf.

Anyway sorry to ramble on...Laters!