My apologies - by "server" I was intending to mean web server, not the host itself but I was rushing out of the door so I wasn't very clear. Any exploit, even basic read access to what is under the web tree will start revealing code, database passwords etc. in PHP.