Making a text file read-only won't do anything to improve security. The whole point is that you want to stop people reading your text files (at least, I assume that's the point). You really need to prevent any kind of access to the file, not just read-only access.
One way to do that is to store the file outside the www directory of the site. The details will vary according to the platform, but in general, if you look at the server where your site is hosted, you will see a root directory containing sub-directories for things like log files and configuration files. One of these will be your www root, where your actual web pages are stored. Anyone visiting your site who knows the URL of any file within the www root (or its sub directories) will be able to access that file (I'm simplifying the explanation, but it should give the general idea). But that's not the case if the file is in one of the directories above the www root.
So, you could create a new directory above the www root (on the same level as the log files, etc), and use that to store your text file. You will still be able to access it from within your server-side code (for example, to read it from within a PHP program). But there will be no easy way for a visitor - or a client-side application - to get at it.
As I say, this is a simplified explanation. Come back if you need any clarification.