As long as a file like db_connect.php is in the public_html directory, along with an index.php, should there ever be a security concern? I’ve seen people online say it’s fine and others who say that a file like db_connect.php should ALWAYS be one level up.