Sorry if this is off-topic, because it's not actually a Mediawiki issue (I don't think), but I'm going to throw this out to see if anyone has had a similar issue and has had any success resolving it.
My host has a directory structure that is not secure (for web files). Web files are viewable by all accounts that are on the same machine (necessary because Apache does not run under my ID - so my files have to be 705). This means that index.php, which contains the database id and password, is readable by any of the host's other customers who are on 'my' server who browse my www subdir. I have removed AdminSettings.php, and am using a r/w user in index.php instead of a full access user. But I am still uncomfortable with having the the r/w user ID and pw 'out there'.
The host provides a wrapper, php-cgiwrap, that will wrap my php files so that they run under my ID. Then I can set the permissions to 700 and nobody else can see index.php.
This works fine for a standard test PHP script that just outputs PHPInfo. However, when I feed it the site URL http://www.waterwiki.org/ww/index.php the script, as designed, redirects to http://www.waterwiki.org/ww/index.php/Main_Page. This confuses php-cgiwrap because it looks for script called Main_Page and can't find it resulting in an error "No input file specified". This can be seen in my sandbox: http://www.waterwiki.org/sb/index.php
I contacted the host support guys and they said it's working as designed, see if there's a workaround. I found nothing in the list archive or on meta about php script wrapping, so here I am.
Apologies for the long-winded description.
/mjp