I have never felt comfortable having a site's main front-end files and assets in the same folder as all the main application components.
Is there no way a folder (e.g. public_html) could be used to isolate the front-end files? I understand this will probably cause difficulties with things like themes. Just as it is, we're relying on the server configuration to hopefully block access to any compromising files. With all the front-end stuff in a subfolder, this will never be an issue.