Protect against casual reading of your code by the .htaccess
file in the directory from which your PHP is called, and also give
this directory drwxr-xr-x permissions.
Always place 'Options -Indexes' in the .htaccess file and always
have a file called 'index.html' or 'index.php' in the directory.
Determined hacking (usually by brute force FTP) will always result
in some clown f**king up your site. It has happened to me on a few
occasions. Even if you run compiled programs on the server, someone
will get in, someday, and replace your code with malicious crap of
Vigilance, and frequent changes of FTP passwords on your host, do
their bit to help. Otherwise, the first you may hear of it is a dreaded
Google "this site may harm your computer" flag ! ! [At least, this shows
your SEO is effective :-) ]