I ran across this site that shows an exploit of php that gives access to the php info as if they used a page with the phpinfo() function.
The reference is here http://perishablepress.com/expose-php/
I did test my site and it works....can you close this up please?