Facebook's source code was recently served to the user which caused most of it's users worry about security.
Not a PHP dev, but was interested on how the source was served to the users, I remembered couple of years ago I was surprised that a major Philippine newspaper's site served me not only the homepage's code but also the MySql connectionstring(yes user and password and db) hardcoded on that page(php) itself. I emailed the admin and the following day it was ok.
FYI
bonskijr: Facebook's source code was recently served to the user which caused most of it's users worry about security. Not a PHP dev, but was interested on how the source was served to the users, I remembered couple of years ago I was surprised that a major Philippine newspaper's site served me not only the homepage's code but also the MySql connectionstring(yes user and password and db) hardcoded on that page(php) itself. I emailed the admin and the following day it was ok. FYI
I remember doing the same thing in 2004. NBA.com was down and for some reason the connection string to the database server was exposed on the error screen. eeeek not a good practice!