When building web applications is makes sense to hide sensitive files such as say a config file into a folder that will only be accessible via a script and not directly.
One way is to name the directory with a . then the name so if you have a folder called includes rename it to .includes the folder is still accessible but FTP programs and the like hide folder prefixes with a . then to make it locked down place a .htaccess file inside it and place the following:
order allow,deny deny from all
This disables all access by denying anyone from access the folder. You can still use the files inside the directory by including them into your scripts.