if it is possible and/or practical you should store the file outside of your server's doc root. if not then as long as you name the file with the .php extension and your web server is set to parse PHP files (and not just serve them up as plain text) then you should be safe. if the file must be public you should change it's permissions to be non-world readable (if possible)
