Very interesting, thanks!
Kohana gives you the choice of database and/or file system configuration data and provides the corresponding readers and writers. This is quite beyond anything I'm planning on now. What interested me were the properties they have. Only the directory and database locations. The config data is passed through, returned to the caller. That seems safe enough.
Anyone who has managed a website, specially a commercial one, knows that websites are constantly under attack, 24/7/365, by very sophisticated hackers using tireless robots. The attacks come in innumerable ways with the url and html forms being great windows of opportunity. An approach that is based on the idea that if they break in you are already hosed is not a good one. My approach is to think about security constantly.
For example, to connect to a database you need four pieces of configuration data (host, user, password, and database name). Once the connection is made you no longer need these data, all you need is the connection resource or connection object, and it's best not to have the configuration data floating around in a config object that persists for the duration of the php process (Kohana does not do this).
In the grand scheme of things local scope variables are safer than global ones. php objects are super-global as far as I can tell. Once a password becomes the property of an oop object in practice it becomes a global variable even if declared as private. You can see it with var_dump() or print_r().
Paranoid? Perhaps. My point is that every ounce of prevention counts.