I wanted protect myself from a misconfigured server, that might accidentally send the source of serendipity_config_local.inc.php. I moved the file to /var/serendipity (my my web root uses /var/www). I did recursive search and replace to add ../../serindipity/ to the file path. I took similar steps to protect my sqlite database file.
Are there any other files that should be protected?
It would be nice if serendipity had a configPrefix option to handle this.
:),
Mike