So, I was thinking about workarounds for saving passwords in text files (just because I'm curious), and I thought, what if I saved my file somewhere that is non-accessible? My server has a public_html folder where all of the code lies, however, I created a password text file on the same level as that (and not in the actual folder).
Right now, I'm thinking this is safe because you can't access it via the actual website and yet my code can still get information from it. However, how secure is this really? Is it really a step-up from storing it in the public_html file? What are some ways (sadly, to hackers, where there is a will, there is a way) somebody could exploit a file that isn't publicly accessible?