1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!
Securing scripts by storing sensitive data (SQL password, etc) outside the public web directory
There is a "/data" directory in the root of your web site for this purpose. It is not accesspible from the web and so whatever is placed there is not listable or directly readable. Conversely, your PHP/Perl scripts can access it without difficulty.
Link to this FAQ: