What architecture should be used?

Multi users, the users must not be able to see each other's data.

In the past I done one database and the select statements had the users ID in it, so only the user's data was returned. The user's data is sensitive and users should never be allowed to see each other's data.

Some sites I've notice have different directories for each user. I am curious why.

ex: http://mywebsite.com/user1 and http://mywebsite.com/user2

Are there advantages to this architecture? From a security point of view? Helps prevent cross scripting? How does this work, does each /subdirectory have a separate db table?

Is there one common code folder?

I realize these are a lot of questions and the answers are prob way to long.
Can anyone recommend a site or book that covers this topic?