Your scripts are run under a unique user ID, and your hosting directory does not have permissions for other users to enter into it.
You can also store sensitive information (e.g. database passwords) in files ending in .inc, also only accessible via your scripts as above – the web server will never serve these up as it will refuse any requests for .inc files.
Otherwise, the same rules will apply to coding on Simba’s webspace as elsewhere.
Posted in: Questions about PHP scripting