last night i could be heard saying "i'm not too concerned about security." this morning i got an email from yet another kind visitor pointing out that my .inc files, including the one with all my passwords, were being presented by the server as plain text when called directly. so anyone could get my database password, my del.icio.us password, and my google api key. suddenly i became concerned about security.
i added the following line to my .htaccess file to make the server parse .inc files just like .php files (as my previous server did):
AddType application/x-httpd-php .inc
which solved the problem. then i changed all my related passwords. no harm done.
so now i'm back to not being concerned about security. after recovering from my initial freak-out mode, i realized that access to the database is restricted to certain IP addresses, so the password alone will not do much unless you are one of my neighbors sharing my IP address. and my del.icio.us posts are now automatically backed up on the links page, so no worries there. and my google api key is pretty much worthless. but still, putting passwords in a publicly-viewable text file is probably not a good idea.