my theory is if they have access to your file system you're screwed anyways, as the user DB and PW have to be stored somewhere.. which is why web interfaces for your files isn't exactly something you put on your front page reading "Feel free to browse my server's files." ;)


I usually put the salt in a class below the web view, called up privately. And I agree, nothing is safe on the internet. There's only unsecure, and obscured. :)