A recent security audit of top sites revealed that roughly 1% of CMS powered sites expose their database credentials due to temporary files created by text editors. The article mentions that a fairly good solution to this issue is to block access to these types of files via .htaccess.
This does seem quite reasonable. Patch forthcoming.
