How secure is storing DB variables with SetEnv or in php.ini?

Question

I don\'t like storing sitewide crypto keys and DB access information under document_root, so I was using Apache\'s SetEnv and php.ini files under conf.d to separate these fr

Answer 1

I prefer storing them in either non-public folders, which can be accessed only by apache, or outside the document_root.