I’m feeling lucky
I have to be honest: the result wasn’t what I wanted to see… but now it’s really getting to what I didn’t want ANYBODY to see!
The following is from a Joomla security newsletter:
“It has come to our attention that Google has released a new product, Google Code Search, that is capable of indexing and crawling through archive files stored in the public directories of web servers. We are reporting this as a security advisory because we have discovered that some site administrators are storing archives / backups of their website in the web root. Because of this, Google Code Search is able to crawl the archives and read unparsed PHP files as if they were plain text. This has resulted in the disclosure of some sensitive information including MySQL passwords and SMTP credentials.”
Let’s explain: when I install an application on my web server (like this blog, or the forum…), I’m aware that a hacker could get into the code and mess it up, leaving me with a useless site (this has already happened to albazilla), or steal the ability to access it and publish whatever he likes.
Usually the protection consists in leaving codes and passwords in several scrambled files, whose names are not that usual either; basically you would really need to find a way to get them, and know what to look for and where… and here comes Google! From now on it is possible to search inside the files on any web server.
To make a comparison with the real world: so far it was only possible to look up somebody’s phone number in the directory and call that house, while now it is possible to look through that house as if it were transparent… I’m feeling lucky
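The check an administrator would want after reading that advisory, as an added example (not code from the original post or from Joomla): walk the web root, list any archive or backup files a crawler could index, and print an Apache 2.4 rule that refuses to serve them. The document root path and the Apache/.htaccess setup are assumptions; the sample tree is constructed inline.

```python
import os
import re
import sys
import tempfile

# File extensions that usually hold a full site copy or a database dump,
# i.e. exactly what the advisory says people leave in the web root.
ARCHIVE_RE = re.compile(r"\.(zip|tar|tgz|gz|bz2|7z|rar|sql|bak|old|orig)$", re.IGNORECASE)


def find_exposed_archives(docroot):
    """Return sorted paths (relative to docroot) whose names look like archives or backups."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if ARCHIVE_RE.search(name):
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def deny_rule():
    """Apache 2.4 snippet (assumed server) that stops the matched extensions being served at all."""
    return (
        '<FilesMatch "\\.(zip|tar|tgz|gz|bz2|7z|rar|sql|bak|old|orig)$">\n'
        "    Require all denied\n"
        "</FilesMatch>\n"
    )


def make_sample_docroot():
    """Build a constructed web root in a temp dir: a site with two backups and a DB dump left behind."""
    root = tempfile.mkdtemp(prefix="docroot-")
    for rel in ("index.php", "images/logo.png", "backup/site-2006-10.tar.gz",
                "db.sql", "old/config.php.bak"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    return root


if __name__ == "__main__":
    # Assumed default path; pass the real document root as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else make_sample_docroot()
    for path in find_exposed_archives(root):
        print("exposed:", path)
    print(deny_rule())
```

Finding a file here means a crawler can already have read it; moving backups outside the document root is the fix, and the deny rule only covers the case where that is not possible.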