I am planning to deploy a site made using cakePHP. I know that the database info is stored in config/app.php without any security. It contains the username and password info. So I'm wondering when the site is live, if someone gets into my server maybe via a FTP, he/she can access app.php to access the db details. Is this the most secure way?