Although some judgments and limitations will be added before these procedures. But in addition to the library files, there are temporary files, template files and so on these files should not be directly accessed through the Web. Store inaccessible files in the Web directory, both in terms of security and code management.
Why is there such a problem? Back in the past, most of the site is still placed on the virtual host, and the root directory of FTP is directly the root directory of the web. In order to adapt to this situation. Like phpBB, VB, Discuz, Ofstar code can only store the library files directly to the same level of the directory.
But is it necessary now? Now the server price is much cheaper than before, basically a webmaster is a server, almost also VPS, and even if the virtual host will not be the FTP root directory and the Web root directory is the same. FTP is generally a higher level directory than the Web. So there's no need to put all the programs in the Web directory, but to put the files that need to be used on the web in the Web directory.
The above describes the Web directory should not have redundant program security considerations, including aspects of the content, I hope the PHP tutorial interested in a friend helpful.